the language of child abuse

They say you can’t have an omelette without breaking eggs.  Similarly, you can’t have child pornography[1] without abusing a child; a real child, being real abused.

With this in mind, most professionals working in this area no longer use the term child pornography and use instead the term child sexual abuse material or CSAM. 

This makes it instantly recognisable for what it is, photo, video and text depictions of a child or children being sexually abused.  From the mid 1980’s countries began to make this material illegal through strong legislation that reflected societies abhorrence at the fact that it existed at all and the advent of the internet accelerated this process.  The UN, the Council of Europe and the EU all have strong legal instruments in place for their members.

In policing circles, we have worked hard to “re-see” this material as crime scenes in themselves rather than just evidence of crime for the person possessing or distributing it.  It is only right that we put children first and work to identify the child in the material, to stop the abuse as early as possible.  It is also right to see the material from the child’s perspective and not that of the abuser.  Abusers, including those who possess and distribute the documented abuse, see it as pornography, designed to titillate sexually, to arouse.  We must take that “regard” away by removing the word pornography. 

This is all contained in the Luxembourg Guidelines[2] a terminology guide to harmonise the terms and definitions related to child protection.  You will find this discussion on page 38.

Calling it porn denigrates the actors who “star” in these blockbusters, those human beings who did not consent, were not rewarded and who suffer life changing mental and sometimes physical scars. 

By calling it Child Sexual Abuse Material you acknowledge the reality for the child, remind the degenerate who made it what they’ve done and signal your and societies’ disgust that they stoop so low in our name.

You choose.


[1] As defined in the Directive 2011/93/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography

[2] Pulled together by ECPAT Luxembourg after significant input from a large number of experts in the area of child rights and child protection. http://luxembourgguidelines.org/

investment fraud – the dating site vector

so you’ve met a really hot chick on your dating site of choice.  you love the way she looks, you love the way she thinks, you love the way she tickles your fancy and makes you feel….

naturally you begin to trust her.  she clearly trusts you.  the clue is in how she shares intimate secrets with you, maybe even shows you more than normal in the live chat.

https.kami.com.ph

you get to chatting about how you earn your crust.  she does the same.  she makes good money in investments and she shares with you how you can make money in the same way. 

she let you in on the site she uses, the returns for modest investments and when you ask, or when she suggests you think why not…..

if something seems too good to be true, it probably is……..

some companies care about child safety and some…..

……and so it has come to pass.  The ePrivacy directive kicked in on the 20th of December.  This means two things – people have more privacy, a good thing and children are less safe online, not a good thing.

As explained in previous posts the ePrivacy directive coming into full force on the 20th of December means that companies who were voluntarily scanning for Child Sexual Abuse Material (CSAM) and patterns of Grooming could interpret the change as making their scanning activities illegal.

There is an active effort to bring in a regulatory framework that will cover these voluntary actions but this will take time and so a temporary derogation for a small number of articles was requested.   It is still under consideration by the EU Parliament, the EU Commission and the EU Council.

In the meantime, some companies have stood up and declared they not stop these efforts to keep children online while the political process continues.   These companies are Microsoft, Google, Linkedin, YUBO and ROBLOX.  Well done to all of you. 

Other companies have not stood up. We don’t know what they are doing because apart from Facebook they are saying nothing.

Facebook has declared that they will switch off scanning.  In a post on their blog they use a lot of language to basically say that they are choosing privacy over child safety.  This is a disappointing and strange decision given that they have been to the forefront of voluntary actions in the past.  At least they told us.  What of other companies?  The big ones? 

The political process continues, here is what you can do:

Talk to your local representatives and MEPs – list here .

and if you work for or use companies who provide online services other than those listed above, ask them stopping or continuing?

time is running out…..

There is 7 days to go until the ePrivacy regulation comes into force in the EU.  It actually passed in 2018 but member countries were given 2 years to prepare and so it “goes live” on 20th of December 2020.  [1] A temporary derogation applied for by the Commision has passed committe stage and now must get a reading in the plenary before being the subject of a trilogue. Is all this possible in 7 days?

Because it’s a regulation rather than a directive, it effectively supersedes existing law in member countries and therefore any laws passed locally since 2002 to meet the ePrivacy directive are effectively repealed.

The regulation, aimed at companies providing communication services in the EU, seeks to guarantee privacy through ensuring no interference or tracking of communications for marketing or other purposes.

One of the key unintended consequences of this regulation is that voluntary actions by the same companies to find, remove and report Child Sexual Abuse Material (CSAM) or Grooming activities on their networks will stop because companies cannot risk that they will be seen as illegal.

These voluntary actions are hard fought chips in the self-regulation wall that activists and advocates, even within the companies themselves, have achieved.  Stopping them in this manner is ridiculous and reduces the safeguarding opportunities for children being actively harmed.  Companies scan for CSAM with advanced technologies to ensure the privacy of their users in the same way they find, remove and report SPAM and malware.  Comparisons to someone at the post office opening every letter “IRL” are facetious and unhelpful.

Child abuse communication, whether grooming or CSAM, universally happens in private and the only people who know about it are the child and the abuser.  When the abuser shares the material there is an increased chance that it will be found, removed and reported to the police who can then take action to make the child safe.  There are very few other ways for people to find out about the abuse and help the child.

In an effort to avoid this unintended consequence the EU Commission has put a temporary derogation before EU lawmakers to stay just two articles within the regulation that will allow the voluntary actions to continue in the area of child abuse online only until they can get the law needed in place.  This temporary derogation has passed the committee stage and now will get its first reading in the EU Parliament then move into a formal “trilogue” or interinstitutional talks. 

The question is when?  The EU Parliament meets next week in plenary.  Will they do the first reading then?  When will the Trilogue meeting take place?  How long will it take?  Will they have this finalised and passed (without too much dilution) by 20th of December? 

I certainly hope so.

Here is what you can do:

Sign the petition

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.


[1] It’s full name is actually “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)” and it repeals the ePrivacy Directive of 2002.  

LIBE committee passes derogation

So today the LIBE committee voted overwhelmingly to allow the derogation to proceed to the plenary.  The vote 53 votes in favour and 9 against, 2 abstentions.

The derogation will now go for a vote to the European Parliament at the plenary sessions during the week of 14th to 17th of December 2020.  Having passed the LIBE committee, the derogation should be accepted by the parliament without too much drama.  However, it must then be discussed in the trilogue which may mean that it gets watered down. There needs to be strong representation for child safety as you can be sure there will be strong representation from the privacy side of the house.

Once that happens the real work begins to put in place the legislation that will provide the framework for finding, reporting and removing CSAM and grooming from networks.   That work will take many years.

The LIBE committee press release is here.

on voluntary actions to combat child sexual abuse

Companies exist to make money for their shareholders and it’s important to remember that when we discuss what they do to deal with anything bad that happens on their network.  That includes Facebook, Google, Twitter et al.

They have grown in a low-regulation environment, which was encouraged by governments all over the world. So dealing with the dark-side of social media and the human condition was always going to be a hard sell to their boards as it costs money and is the antithesis of profit making.  See line one of this post.

Unlike the EU, the USA brought in regulation relating to the online facilitation of child sexual abuse through a law stating that when a company is aware of Child Sexual Abuse Material and Grooming on their network they will report it to NCMEC.

NCMEC processes these reports and sends the “cybertips” to law enforcement all over the world for action.  These cybertips have saved lives and helped remove countless children from harm all over the world.

So, how does a company become aware of CSAM or grooming on their network?  Users reports, sure, but in most cases they are actively scanning their systems for evidence of it in the same way they do for viruses or malware. There are “voluntary actions”.

When the ePrivacy directive comes into force on the 21st of December of this year those “voluntary actions will stop – dead.

The EU commission wants to bring in a law similar to the US law and the procedure to report (EU Style NCMEC) and so has applied for a limited temporary derogation from a number of articles (5 (1) and 6)  in the ePrivacy directive that will maintain the status quo until new law can be drafted.

This derogation is currently under consideration at the European Parliament. If it passes, the status quo remains while the EU Commission prepares regulation in the form of law for 2021/22. If it fails, the voluntary action by these companies stop and there will be less children saved or removed from dangerous situations.

Here’s what you can do, as soon as possible:

Sign the petition

Further reading/ watching:

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.

abused children -the forgotten voice in privacy

Yesterday, a 36 year old man was prosecuted for sex offences in the United Kingdom. 

You’ll find quality reporting on the case in the local Eastern Daily Press

He pleaded guilty to intentionally causing or inciting boys to engage in sexual activity, blackmail, intentionally causing children to look at sexual images and intentionally facilitating the sexual exploitation of children by sending on images of those children. 

His name was David Nicholas Wilson and he pretended to be a teenage girl while grooming 51 boys aged from 4 (four) to 14 (fourteen). The NCA fear that his victims may actually number as many as 500 in the UK and abroad. 

This crime type is what we know in the trade as Online Sexual Coercion and Extortion of Children (OSCE) but the press generally simplify it to “Sextortion”.  There is a great detailed explainer on the Europol site here.

The thing about this crime type is that the multiplier effect of ICT allows one offender to contact thousands of children knowing that a percentage of them will respond and engage.  In this case his preferential target was young boys so most likely he was operating on gaming platforms before bouncing the ones who responded onto other platforms.

Now, while I do not have any knowledge of this case apart from the newspaper articles, I have read that the offender was traced because Facebook found abusive images, while scanning their network, that had been shared by young users to an apparent teenage girl; saw them for what they were and reported that to the National Centre for Missing and Exploited Children (NCMEC) in the USA. They passed the Cybertip to the National Crime Agency in the UK, who got a warrant to search the house of the offender and put him before the courts. 

NCMEC processes millions (6 zeros!) of these Cybertips every year from companies such as Microsoft, Google, Facebook, Yubo, Snapchat etc. and forwards them to law enforcement all over the globe for assesment and action where appropriate.

The above process is currently under threat from two directions:

  • The introduction of end to end encryption by Facebook on their messenger product

Safety –v Privacy is a complex area of society that needs proper, respectful and holistic debate. 

The 51 real life boys he abused should be more than a footnote in that debate.  It cannot just be an inconvenient truth to be brushed aside by privacy advocates and activists who rightly claim that all communications should be private. 

I fundamentally agree but argue that there is a difference between #privacy and #encryption.

There must be a middle ground where society can protect children and other vulnerable people from criminals like David Nicholas Wilson.

Please sign the petition

the derogation – a summary

This is an explainer the derogation being sought by the European Commision to Articles 5(1) and 6 of the ePrivacy Directive about to be updated by the Electronic Communication Code.  It’s a little technical and lawyerly but then all good legislation is.  This is my understanding of it and is subject to change since I’m not a lawyer.

The ePrivacy directive was issued in 2002 and with GDPR needed updating and this happened in 2018 as the European Electronic Communication Code.  It is a directive and all member countries must transpose it – make it law in their countries.  Failure to do this can result in legal action.

Now, countries had two years to transpose it and so all of the provisions of the EECC kick in on the 21st December 2020.  Definitions of electronic communications services and privacy will change and will include what are called “number-independent interpersonal communications services”.  This will include webmail, messaging services and IP telephony.  Essentially, therefore companies (such as Facebook, Google, Microsoft et al. who are now doing voluntary actions to find, report and remove Child Sexual Abuse Material and to find Groomers within their networks would run the risk of exposure to prosecution if they continued.

The derogation is simply a legal request to stay articles 5(1) and 6 of the ePrivacy for a short period while the commission gets a legal framework into place to allow companies to continue scanning for CSAM and Grooming activity. In other words, it’s asking tha tthe status quo remain in place for activities aimed at

The discussions as to whether the derogation will be allowed is ongoing and this is why we need to act now. 

As already stated, if the derogation is not accepted or is watered down, there is a major risk that all efforts currently being made to find, report and remove CSAM and Grooming stop.

Here is what you can do to help:

Sign the petition

Further reading/ watching:

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.

Read the excellent analysis of John Carr in his blog here, here and here

children’s rights always second to ideology and profit

We all know the damage sexual abuse does to children.  This is self-evident.  We also know that from a victim perspective to have been abused is one thing but to have images or movies of that abuse circulated online is quite another and an extra burden to carry through life.  Grooming too is an abhorrent crime that abuses trust, love, and confidence in other human beings and becomes something that stops a child’s development and sets it off on another path, mostly negitive. Both of these crimes have been hugely amplified by ICT and technology in general.  As Mary Aiken said “Human behaviour is often amplified and accelerated online, by what I believe to be an almost predictable mathematical multiplier, a “cyber effect”, arguably the E = mc2 of this century.”[1] 

Some companies take voluntary action on their networks to find, report and remove Child Sexual Abuse Material and Grooming activity.  What they find is staggering.  They scan using strong algorithms, hash and other signatures and false positives are possible but rare – just like SPAM, virus or malware scanning. When they find something they are oblidged to report it (in the USA).  

However, all this voluntary action is threatened by the fact that the EU Parliament and more specifically the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) is considering whether to allow a derogation to certain provisions of the ePrivacy Directive due to come into force on the 21st of December.  The temporary derogation has been applied for by the European Commission to allow them to propose a more permanent solution via legislation in Q4 2021. 

If this derogation fails to go through or is watered down in a wishy-washy way it will have a significant impact on the ability of law enforcement and civil society to fight online child sexual abuse and once again we will see that children’s rights are sacrificed on the twin altars of ideology and profit. 

I will post some more short explanatory posts on this issue in the coming days but in the meantime you can act by contacting your MEPs, your local reps and by signing the petition placed here by the NCMEC.  If this derogation fails, we all fail.

Sign the petition

Further reading/ watching:

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.

Read the excellent analysis of John Carr in his blog here, here and here


[1] Big Ideas in Cyberspace – Mary Aiken retrieved 23/11/20 https://www.eib.org/attachments/eib_big_ideas_life_in_cyberspace_en.pdf