abused children -the forgotten voice in privacy

Yesterday, a 36 year old man was prosecuted for sex offences in the United Kingdom. 

You’ll find quality reporting on the case in the local Eastern Daily Press

He pleaded guilty to intentionally causing or inciting boys to engage in sexual activity, blackmail, intentionally causing children to look at sexual images and intentionally facilitating the sexual exploitation of children by sending on images of those children. 

His name was David Nicholas Wilson and he pretended to be a teenage girl while grooming 51 boys aged from 4 (four) to 14 (fourteen). The NCA fear that his victims may actually number as many as 500 in the UK and abroad. 

This crime type is what we know in the trade as Online Sexual Coercion and Extortion of Children (OSCE) but the press generally simplify it to “Sextortion”.  There is a great detailed explainer on the Europol site here.

The thing about this crime type is that the multiplier effect of ICT allows one offender to contact thousands of children knowing that a percentage of them will respond and engage.  In this case his preferential target was young boys so most likely he was operating on gaming platforms before bouncing the ones who responded onto other platforms.

Now, while I do not have any knowledge of this case apart from the newspaper articles, I have read that the offender was traced because Facebook found abusive images, while scanning their network, that had been shared by young users to an apparent teenage girl; saw them for what they were and reported that to the National Centre for Missing and Exploited Children (NCMEC) in the USA. They passed the Cybertip to the National Crime Agency in the UK, who got a warrant to search the house of the offender and put him before the courts. 

NCMEC processes millions (6 zeros!) of these Cybertips every year from companies such as Microsoft, Google, Facebook, Yubo, Snapchat etc. and forwards them to law enforcement all over the globe for assesment and action where appropriate.

The above process is currently under threat from two directions:

  • The introduction of end to end encryption by Facebook on their messenger product

Safety –v Privacy is a complex area of society that needs proper, respectful and holistic debate. 

The 51 real life boys he abused should be more than a footnote in that debate.  It cannot just be an inconvenient truth to be brushed aside by privacy advocates and activists who rightly claim that all communications should be private. 

I fundamentally agree but argue that there is a difference between #privacy and #encryption.

There must be a middle ground where society can protect children and other vulnerable people from criminals like David Nicholas Wilson.

Please sign the petition

the derogation – a summary

This is an explainer the derogation being sought by the European Commision to Articles 5(1) and 6 of the ePrivacy Directive about to be updated by the Electronic Communication Code.  It’s a little technical and lawyerly but then all good legislation is.  This is my understanding of it and is subject to change since I’m not a lawyer.

The ePrivacy directive was issued in 2002 and with GDPR needed updating and this happened in 2018 as the European Electronic Communication Code.  It is a directive and all member countries must transpose it – make it law in their countries.  Failure to do this can result in legal action.

Now, countries had two years to transpose it and so all of the provisions of the EECC kick in on the 21st December 2020.  Definitions of electronic communications services and privacy will change and will include what are called “number-independent interpersonal communications services”.  This will include webmail, messaging services and IP telephony.  Essentially, therefore companies (such as Facebook, Google, Microsoft et al. who are now doing voluntary actions to find, report and remove Child Sexual Abuse Material and to find Groomers within their networks would run the risk of exposure to prosecution if they continued.

The derogation is simply a legal request to stay articles 5(1) and 6 of the ePrivacy for a short period while the commission gets a legal framework into place to allow companies to continue scanning for CSAM and Grooming activity. In other words, it’s asking tha tthe status quo remain in place for activities aimed at

The discussions as to whether the derogation will be allowed is ongoing and this is why we need to act now. 

As already stated, if the derogation is not accepted or is watered down, there is a major risk that all efforts currently being made to find, report and remove CSAM and Grooming stop.

Here is what you can do to help:

Sign the petition

Further reading/ watching:

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.

Read the excellent analysis of John Carr in his blog here, here and here

children’s rights always second to ideology and profit

We all know the damage sexual abuse does to children.  This is self-evident.  We also know that from a victim perspective to have been abused is one thing but to have images or movies of that abuse circulated online is quite another and an extra burden to carry through life.  Grooming too is an abhorrent crime that abuses trust, love, and confidence in other human beings and becomes something that stops a child’s development and sets it off on another path, mostly negitive. Both of these crimes have been hugely amplified by ICT and technology in general.  As Mary Aiken said “Human behaviour is often amplified and accelerated online, by what I believe to be an almost predictable mathematical multiplier, a “cyber effect”, arguably the E = mc2 of this century.”[1] 

Some companies take voluntary action on their networks to find, report and remove Child Sexual Abuse Material and Grooming activity.  What they find is staggering.  They scan using strong algorithms, hash and other signatures and false positives are possible but rare – just like SPAM, virus or malware scanning. When they find something they are oblidged to report it (in the USA).  

However, all this voluntary action is threatened by the fact that the EU Parliament and more specifically the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) is considering whether to allow a derogation to certain provisions of the ePrivacy Directive due to come into force on the 21st of December.  The temporary derogation has been applied for by the European Commission to allow them to propose a more permanent solution via legislation in Q4 2021. 

If this derogation fails to go through or is watered down in a wishy-washy way it will have a significant impact on the ability of law enforcement and civil society to fight online child sexual abuse and once again we will see that children’s rights are sacrificed on the twin altars of ideology and profit. 

I will post some more short explanatory posts on this issue in the coming days but in the meantime you can act by contacting your MEPs, your local reps and by signing the petition placed here by the NCMEC.  If this derogation fails, we all fail.

Sign the petition

Further reading/ watching:

Talk to your local representatives and MEPs – list here .

Support your local InHope Hotline

Read more and see the supporting evidence of what stops if this derogation fails to pass here.

Read the excellent analysis of John Carr in his blog here, here and here

[1] Big Ideas in Cyberspace – Mary Aiken retrieved 23/11/20 https://www.eib.org/attachments/eib_big_ideas_life_in_cyberspace_en.pdf