All affiliate Law Enforcement Agencies (LEAs) using AviaTor are invited to the peer-to-peer learning event twice a year. The goal of these meetings is to learn from each other, by sharing knowledge and best practices between LEAs from different countries. Participants exchange ideas and experiences on the use of AviaTor and provide valuable feedback for the development team of the AviaTor tool. On March 29th 2023, we welcomed 28 attendees in Brussels to the third peer-to-peer event.

AviaTor stands for Augmented Visual Intelligence and Targeted Online Research. ZiuZ Forensic, one of the technology partners within the project, is responsible for the development of the first part of these features: Augmented Visual Intelligence. Web-IQ, the other technology partner within the project, is responsible for the Targeted Online Research (OSINT) part of development. Developers from both ZiuZ Forensic and Web-IQ were present at the peer-to-peer learning events to collect valuable feedback about the tool.

Aviator is being used to prioritise and triage National Centre of Missing and Exploited Children (NCMEC) reports of Child Sexual Abuse Material (CSAM). But due to the nature of the content and the associated legal limitations, the developers of the AviaTor tool do not have access to these reports when building and updating the tool. As AviaTor is a standalone installation, it does not send back any data or information to the developers. This is why regular feedback from its users (LEAs) is vital for further development and improvement.

The peer-to-peer learning events are the perfect opportunity to receive valuable feedback from the end users of AviaTor. Additionally, these events provide a great platform for law enforcement officers fighting against the same crime across the globe to exchange their valuable know-how on tools and techniques they use and insights on the emerging trends.

Change of Guard

Grete Raidma, Project Manager at INHOPE welcomed and thanked all attendees for travelling to Brussels for this important event. Grete has been part of the AviaTor project team since 2022, but will soon hand that responsibility to Nurbegim Azatulloeva - INHOPE's new project associate as Grete moves on to other projects.

Prioritisation and practical use of scoring mechanisms: national cases

Yves Goethals from the Belgian Federal Police led an interactive exercise, during which all participants joined the conversation, and shared experiences and opinions. Some of the key takeaways and highlights that came out of this session:

• It would be valuable if platforms (Electronic Service Providers) were able to be more selective in the reports they make to police when the content is neither CSAM nor in other ways illegal. Even though Artificial Intelligence is being trained to recognise this type of material, there remain gaps, leading to many reports containing the same content. This hinders LEAs to dedicate their time to more critical cases.
• Determining whether CSAM is self-generated or recorded by a third party is a difficult task. The developers agreed to look into the possibility of developing an AI tool within AviaTor that can detect selfies.
• AviaTor can import the reports from NCMEC directly every evening, this can be an advantage over the normal way of receiving the reports from Europol for countries where the retention time is very short.
• Prioritisation can be very valuable in determining which reports are NOT a priority. It proves to be more efficient to weed out the lower-priority cases instead of attempting to identify all high-priority cases. However, it was noted that even low-risk cases require additional intelligence to determine their category, as abuse could still be happening behind reports that receive a low-priority rating.
• A whitelist could be a valuable addition within AviaTor to identify images that are not illegal.
• ZiuZ agreed to look into the possibility of applying a specific metric for an uploaded hash list.
• To identify grooming offences, LEA analyse text logs based on certain keywords likely used by offenders. As the language differs across countries it would be valuable for each LEAs using AviaTor to upload their countries list, so that the keywords can inform prioritisation.

Legal do's and don'ts when processing NCMEC reports

Ruben Roex and Jolien Clemens from law firm Timelex provided the group with an overview of legal possibilities and limitations to consider when working with AviaTor. Timelex is a project partner within the AviaTor project, whose purpose is to investigate the legal framework within which AviaTor exists and guide the project team and its affiliates.

Key takeaways:

• Ruben and Jolien discussed the Law Enforcement Directive (LED) and how it applies to the processing of NCMEC reports. The LED legislation is a "sister" instrument of the GDPR legislation and is applicable when personal data is processed by competent authorities, for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.
• DO: Take into consideration that AviaTor creates a police database and should therefore be treated as such: some specific requirements may apply under national legislation.
• DO: A Data Protection Impact Assessment should be done in certain situations.
• DO: specify data retention time and actively manage the underlying database within AviaTor based on that.
• DON'T: Incoming NCMEC reports must be validated and approved on accuracy by LEA before the data can be connected or fed into other existing internal databases. LEA is responsible for the data accuracy of the reports and AviaTor is merely a tool that helps assist with triage.
• DON'T: send incorrect reports back to NCMEC as this is seen as a data transfer with possible legal complications.

Kent Internet Risk Assessment Tool (KIRAT)

Darren Young from the Metropolitan Police held a presentation on the background and use of the KIRAT tool. KIRAT is used to assess the level of risk posed by a suspect who possesses and views indecent images of children on the internet, and likelihood of that person becoming a contact offender. It is a valuable evidenced-based tool to assist in risk and resource management of IIOC cases when dealing with a large volume of reports.

AviaTor Practical Session

Annemarie Brockmöller from Web-IQ led the second interactive session of the day. The AviaTor affiliates were each asked to prepare a case in which they had used AviaTor and discuss this with the other users. The presentations were very insightful and it proved to be valuable to share these case studies with peers.

Data Management Challenges and Cyber Grooming

Philippe Thomas from DFKI closed the day with a deep dive into the challenges in the detection of cyber grooming in chats​. DFKI is the German Research Centre for Artificial Intelligence. They are AviaTor project partners, and in that capacity, they provide the development team and affiliates with research data. Phillipe outlined how cyber-grooming can be identified by machine learning, but acknowledged that currently available datasets are based on limited data, or aren't available to other researchers. Philippe showed the approach DFKI is working on for cyber grooming detection and shared some preliminary results for English and German chats.

The next steps to optimise detection are to identify why the algorithm classifies certain chats as cyber grooming and conduct behavioural tests, such as analysing language. There is specific wording that is commonly used by cyber-grooming offenders. DFKI implements those indicators to test whether the algorithm can detect them correctly. They are going to evaluate if machine learning outperforms pattern-based approaches​. After the initial testing phase, the algorithm will be applied to real-world cases.

Reflections and Closing Remarks

Grete Raidma from INHOPE closed the session with a big thank you to all participants. The purpose of these events is to create a space for knowledge-sharing, valuable feedback and cooperation. This edition was particularly successful due to its high-level of participation and interaction between LEA affiliates. AviaTor developers received a lot of feedback and input on the tool and how to optimise it for more effective usage.

We will work to ensure that all upcoming sessions are as fruitful and interactive as this one. The next peer-to-peer event is planned to take place in September 2023.

AviaTor is an automated prioritisation and triage tool that can be used by law enforcement to sort incoming NCMEC reports of Child Sexual Abuse Material (CSAM). Development on AviaTor started in 2019 and since then the number of LEAs using the tool has increased. AviaTor is currently (March 2023) being used in 13 countries and the onboarding of more countries is presently ongoing. The project is funded by the European Union's Internal Security Fund - Police.