On March 30th, 58 representatives from various stakeholders dealing with Child Sexual Abuse Material (CSAM) reporting, came together in Brussels at the AviaTor Seminar. The event, under the theme "The Future of Report Prioritisation" facilitated valuable discussions and knowledge-sharing among a varied audience. If you were unable to attend make sure to read this recap for an overview of the key takeaways from the event.

In alignment with the seminar theme, both speakers and the audience consisted of stakeholders from different disciplines dealing with industry reporting. The AviaTor project team aimed to provide the audience with an overview of all relevant stakeholders by inviting speakers from law enforcement, legislators, academics, industry and technology.


After the kick-off by Esmeralda Schoenmakers from INHOPE, Annemarie Brockmöller from project team member Web-IQ took the stage to outline the AviaTor project and tool. She explained how the project was founded, how AviaTor works and which LEAs and project team members are involved. Over the past years, over 100 demos of the AviaTor tool were given and the goal is to have twenty-five LEAs utilising AviaTor by 2024.

NCMEC Reporting Trends

John Shehan, Senior Vice President at the National Centre of Missing and Exploited Children (NCMEC) shared the latest statistics from 2022, providing a broader understanding of the issue of the growing volume of reports. To address this issue, NCMEC is investing in new technology to improve the quality of reports sent to LEAs and INTERPOL. One of NCMEC's latest priorities is to eliminate so-called 'white noise’ to support LEAs in focusing on the most critical reports.

To achieve this, NCMEC worked to improve their IP matching service. This not only helps to eliminate "white noise," but leads to a more accurate prediction of jurisdictions. NCMEC has also focused on planned deconfliction work by improving their location prediction, integrating relevant data from Child Rescue Coalition and taking into use deconfliction alert mechanisms. NCMEC is planning to improve ‘the de-duplication of its reports and allow a file feedback loop for law enforcement.

To streamline categorisation, NCMEC began using file tag categorisation - a process where each incoming report file is categorised once with a tag. Afterwards, the file is assessed by three people to confirm the categorisation. Labels will be provided to whom the reports are distributed, based on those tags. Differentiation is made between content, context and egregiousness.

Equipping Platforms - Accelerating Victim Identification

Offering a fresh perspective on tackling report prioritisation, Cathal Delaney, European Program Director for Victim Identification at Thorn walked attendees through Thorn's innovative solutions developed to equip platforms and accelerate victim identification. Cathal stressed that there is currently a lack of standard procedures and best practice guidelines regarding platform protection. Building or buying technology to detect CSAM is expensive and many companies don't want to take on the difficult challenge of actively searching for CSAM on their platforms. However, there are tools available that can alleviate this process.

Thorn's product Safer is used by technology companies to identify, remove, and report Child Sexual Abuse Material (CSAM) at scale to prevent the re-victimisation of children. The tool uses hash matching, and Scence Sensitive Video Hash (SSVH) to detect known CSAM. Unknown CSAM is detected through the CSAM classifiers, which are machine-learned tools that automatically classify data into different categories. Thorn also has an approach to identifying grooming - the Grooming Text Detector can detect grooming within chat logs.

Cathal spoke about how Thorn has made tooling available to law enforcement to support them in prioritising reports to enable victim identification. They will continue to innovate on prioritisation through the use of the Universal Classification Schema to ensure that victims stay at the centre of those efforts.

Report Standardisation, Exploring What's Involved

The day continued with a lively panel discussion between Ben van Mierlo (National coordinator for the fight against child abuse images and travelling child sex offenders for the National Police of the Netherlands), Uri Sadeh (leads INTERPOL’s Crimes Against Children Unit), Annette Cassar (Policy officer to the unit on ‘Security in the Digital Age’ in DG Migration and Home Affairs of the European Commission) and John Shehan (NCMEC Senior Vice President) – chaired by Grete Raidma (Project manager at INHOPE).

The panel explored how mandatory reporting in the EU could impact the number of reports, identified the main challenges of resource allocation and spoke out on the need for investment in technology solutions for law enforcement. The discussions furthermore touched on the topic of the effectiveness of automated prioritisation technology, as well as the use of open-source intelligence (OSINT) in CSAM investigations. Attendees and speakers examined how these types of technology solutions will affect the number of reports received by law enforcement and whether these solutions will create new challenges for report prioritisation.

During the Q&A the audience had the opportunity to ask questions and contribute to the conversation. As expected, the newly proposed EU legislation concerning mandatory industry reporting and the to-be-established EU Centre was the subject of multiple questions from the audience. The panel was more than willing to take their time and answer all questions regarding this subject.

Report Handling by Dutch Law Enforcement

Lesley Lindner and Ellena Verzijl from the Dutch National Child Exploitation Investigation Unit within the National Police of the Netherlands provided a rare insider view into the way the Dutch police handle and processes incoming NCMEC reports. The Dutch police have developed their own in-house tool called ECLIPS, which besides AviaTor is used, as a database and triaging tool for cases involving child exploitation and abuse. The Dutch Police showed some of its functionalities and options to potentially combine ECLIPS and AviaTor in the future.

Reflecting the True Number of Re-Offenders

Dr. Michael Bourke is a clinical and forensic psychologist, who has evaluated and/or treated thousands of incarcerated offenders, including sex offenders, death row inmates, minors in juvenile detention, and schizophrenic murderers in a secure psychiatric hospital. Dr. Bourke is currently an adjunct faculty member at George Washington University and Nova Southeastern University.

Taking attendees on an exploration of previous cases, Dr. Bourke explained that report prioritisation is in many cases comparable with predicting the possibility of a reoccurring offence. Working with offenders who have consumed or shared CSAM, often posed the question of whether this behaviour could turn into hands-on abuse. Small-scale research studies conducted by Dr. Bourke himself showed that many offenders incarcerated for non-contact offences were actually likely to have already committed hands-on abuse. This means, that even in cases of non-contact offences, LEA has to remain alert to the chance of hands-on abuse.

Recidivism (the tendency of a convicted criminal to re-offend) is often used as an indicator to calculate the risk of an offender. But it is important to note that recidivism studies do not reflect re-offenders. They only reflect re-convictions. And only 14-17% of all re-offenders are believed to be re-convicted, according to Dr. Bourke. Tracking the true number of recidivism cases requires a longer process. The victim has to understand a crime has taken place, and a report must be made to law enforcement. This report, substantiated by enough evidence collected by LEA must be accepted by the Procutor and classified as a sexual crime. Only after the perpetrator has been found guilty and only all appeals are passed can the case be recorded in the database and classified as recidivism.

Responsibilities of Electronic Service Providers

Alexandre Dangréau, Head of Trust and Safety at OVHcloud explored common challenges faced by ESPs when it comes to reporting illegal material found on their servers. Alexandre showed how OVHcloud - a cloud service providing public and private cloud and shared hosting in 140 countries worldwide - streamlines their process.

Alexandre pointed out, that collaboration with authorities and hotlines is critical in getting harmful material removed. To protect their users privacy, ESPs usually don't have direct access to the content on their customer's servers. He expressed that a technical solution is needed that detects known CSAM and immediately rejects the material during an upload attempt. An open-access API to a hash list database could be a potential solution.

Standardise, Automate, Prioritise

Jos Flury from ZiuZ Forensic and Mathijs Homminga from Web-IQ ended the day with their presentation on why tooling is a must for LEA processing of NCMEC reports.

Representing the two technology companies that develop the AviaTor tool, they took us through some of the lessons learned throughout the project. Developing a tool for LEAs can be challenging, as not all LEAs are alike. There are great differences between countries, and each location comes with different needs and limitations. Some aspects that can highly differ between LEAs are the number of incoming reports, retention time, local legislation differences into what is illegal and what is not, centralised processing vs decentralised processing, allowed access to the internet, systems that are already in place and available funding to purchase the necessary hardware to run AviaTor.

However, a common thread among most countries is the growing number of NCMEC reports, which requires tooling. The primary focus for AviaTor will be on the enrichment part of reports. AviaTor can collect all relevant and available data from the report and media file that is available both within AviaTor and from connected databases and online sources, to provide the investigator with as much information as possible to then triage between reports and prioritise. Standardisation and automation within CSAM reports can help make this process easier.

The team has identified the differences in needs between the larger and smaller LEAs and focuses on providing a customized solution that fits their specific needs. AviaTor is ready for the future, new legislation, possible new report types and new APIs for download.

The goals for 2023-2024 are clear:

• Ensure AviaTor is functionally complete and sustainable
• Develop advanced AI for text analysis and video analysis
• Drive collaboration amongst LEAs, Europol, INTERPOL and industry
• Publish yearly report for stakeholders with statistics and findings on industry reporting
• On board at least 25 national LEAs using AviaTor
• Conduct a legal review of EU law and policies influencing the project
  
  

Esmeralda Schoenmakers from INHOPE closed the day by thanking all speakers and attendees. She emphasized the importance of sharing knowledge between stakeholders and keeping communication open. The seminar was a true example of how people from different disciplines can come together and work on the future of report prioritisation. We are looking forward to seeing even more people at the AviaTor Forum, scheduled to take place in August 2024.

Make sure to sign-up for the AviaTor newsletter in order to keep informed about the AviaTor project and its upcoming events: click to sign up.

AviaTor is a prioritisation and sorting tool made available to LEAs to help them process the growing number of incoming NCMEC reports. In 2019 the AviaTor project started. Funded by the European Union's Internal Security Fund - Police, the project brought together a group of experts to work on the AviaTor tool and its dissemination under LEAs, with a main focus on Europe.