The technology used to catch a Catholic deacon’s child porn

3/5/2013 2:19pm by 47

Verizon helped uncover that a Baltimore Catholic deacon was storing child porn on its “cloud” online storage system.

What fascinates me about this story is two-fold:

1) How did Verizon find the porn?  I have some ideas, explained below.

2) Under what authority did Verizon call the National Center for Missing and Exploited Children before even calling the cops? Actually, I just found out, it’s the law.  More on that in a moment.

I’m all for stopping child porn, but I am curious how Verizon was able to detect the man’s porn.  Do Verizon employees peruse anything and everything we post in their cloud?  That’s a bit creepy.  Do they have software that does it – the more likely option – but even that’s a bit odd.

I did some googling and found that one method is simply tracking file-sharing, like the way they catch people who download music without paying for it.

Another way is using software that takes known child porn photos (or video I suppose) and creates a digital signature for that photo – in the same way, I think, that Shazam identifies music by simply listening to it via your phone.  It turns that music, or photo, into its digital elements and then looks for other images (or music) that have the same digital signature.  Verizon could simply be doing the same thing with child porn videos and images on its cloud.  They’d get the software and have their software sift through everyone’s cloud looking for known contraband, in essence.  Because it’s a machine doing it, and not a person, in principle the privacy violation is minimized as the machine would ignore any images or videos that do not match the contraband’s signature.

It’s an interesting way of doing it, and does lessen the privacy concerns.

Here’s another method the FBI has come up with:

The FBI has recently adopted a novel investigative technique: posting hyperlinks that purport to be illegal videos of minors having sex, and then raiding the homes of anyone willing to click on them.

Undercover FBI agents used this hyperlink-enticement technique, which directed Internet users to a clandestine government server, to stage armed raids of homes in Pennsylvania, New York, and Nevada last year. The supposed video files actually were gibberish and contained no illegal images.

My concern, as a journalist, is what if someone clicks on the file because they’re writing a story about child porn?  I’ve never seen child porn, I have no idea what it is, or how bad it is, though I can imagine. I could imagine someone doing the due diligence and wanting to see what this industry is really like if they’re trying to explain to the reader just how bad it really is.  Consider the fact that I was just searching for an image to put with this story, using a big image database service that we use, Shutterstock.  I tried “jailed priest” and “criminal priest” but didn’t come up with much. I then thought maybe “child porn?”, but then suddenly stopped myself for fear of even typing in the search term, lest it signal something somewhere to someone.   That’s perhaps not a big deal, but it still seems a bit odd to me in some ways.

As for why companies are contacting the National Center for Missing and Exploited Children instead of the police, apparently it’s the law:

Shehan explained that companies such as AOL, Google, Yahoo, Microsoft and Facebook have been legally obligated since 1998 to contact his organization [the National Center for Missing and Exploited Children] when they find child porn on their network. In the beginning, that meant companies simply alerted the center when one of their customers told them about child porn. Over the past several years, however, many of the companies started using software to actively scour their networks.

I’d be intrigued as to why have companies contact NCMEC rather than law enforcement directly.  It just seems odd empowering a private organization with law enforcement powers, particularly when dealing with privacy concerns.

There are also, concerns, about false positives:

While law enforcement officials praise the technology as a valuable tool in the fight against child porn, privacy advocates worry about how often PhotoDNA wrongly flags an email as containing child porn.

Giving Microsoft’s “best estimates,” Doerr said the software returns false positives about once in every two billion images – maybe even less often. She added that some of those false alarms were still child porn; the software flagged a similar photo that was taken shortly before or after the one in the database.

With the volume of images currently posted on the Internet, however, that could mean multiple false alarms per week. More than 144 billion emails were sent each day in 2012, according to The Radicati Group, a technology research firm. Facebook says 300 million new images are uploaded to its site every day.

And while GOP crazies claim that there is no violation of privacy here, I’m not so sure.

The scans are legal because no governmental entity is asking the companies to look at their customers’ emails, said Brian J. Gottstein, a spokesman for Virginia Attorney General Ken Cuccinelli.

“These are private companies acting independently of law enforcement to ensure that their private servers are not used to store or traffic contraband,” he said. “It is analogous to FedEx or UPS reporting a package they suspect of containing narcotics to authorities.”

First clue that something’s wrong here? The source is Virginia’s far-right bigoted Republican attorney general.  But put that aside for a moment, this isn’t like FedEx or UPS unless FedEx and UPS are searching every single package for contraband.  Perhaps they are, but that’s what this is analogous to.

I forget which show I was watching recently – perhaps Continuum or perhaps Fringe – but they were talking about how technology in the future kept people honest by recording every single moment of their day, and thus people had an incentive to be honest, since they wouldn’t want to be caught doing bad things.  Maybe.

While I get the need for these child-porn snooping technologies, and I do think that the software sounds minimally invasive if in fact you aren’t trafficking in child porn, it still smacks of a bit of a Little Brother, if not Big Brother.  Because of the technological revolution brought on by the Internet, so much of our private lives, from banking, to medicine, to dating, to sex has moved online.  Once upon a time you only had to worry about school transcripts, a criminal record, and your debt payments following you around for life.  Now you have to worry about Verizon and AOL and Skype having God knows what stored in their computers about you, and for God knows how long?

Ask the average American if, and for how long, their cell phone provider keeps copies of their text messages, and under what circumstances they can be released to a third party, and they’d probably shrug.  The technology has so gotten ahead of us, that most people have given up worrying about it.  As a result, we’re telemarketed to death based on information we never even contemplated someone having collected about us, let alone aggregated in one place.

So catching child porn, good thing.  Snooping through our entire lives in order to catch them, not so much.

Print FriendlyPrint


@aravosis | Facebook | Google+. Editor of AMERICAblog, joint JD/MSFS from Georgetown, worked in the US Senate, World Bank, Children's Defense Fund, and as a stringer for the Economist. A frequent TV pundit, he has been on The O'Reilly Factor, Hardball, World News Tonight, Nightline & Reliable Sources. Full bio and .

Share This Post
  • http://www.facebook.com/onceuponapriori Jared Nuzzolillo

    Your irrelevant politically polemical statements were… irrelevant. Otherwise, interesting article.

    • http://AMERICAblog.com/ John Aravosis

      I have no idea what you’re talking about, but glad you found it interesting :)

  • http://www.marketmentat.com/ Kratoklastes

    As I wrote in about 2004: paedos are the ‘go to’ group used as the ‘tip of the spear’ when the degenerate megalomaniacal sociopaths of .gov want to raychet up their invasions of people’s liberty: since the average person would support almost any level of intrusion into the life of a paedophile, they are perfect as the first ‘victims’ of new surveillance tech.

    To paraphrase Neimoller: “First they came for the paedophiles, which is pretty good coz I really hate those guys.”

    “We search the cloud for child porn” will get a big “Yay!!!Eleventy!!!1!!” from the soccer-Mom brigade (who have been encouraged to think that any man who smiles at their kid is a paedophile).

    From there, “We search the cloud for terrrrrrrists”, and then “We search the cloud for whatever we feel like – get over it. Here’s a letter from one of our lackeys at the DoJ that says it’s fine for us to do so.”

    And when it gets to “We put these shock collars on paedophiles”, soccer-Moms (and other empty-headed receptacles of propaganda) will cheer, just as their intellectual antecedents cheered when peasants were hanged at Tyburn and when slaves were killed for sport at the Coliseum.

    Here’s the thing: if you look at “literacy and life skills” surveys, roughly half the population is incapable of following the instructions on a pill bottle (despite over 100 years of forced primary education). These folks do not have the wherewithal to comprehend nuance, or to understand the consequences – budgetary or otherwise – of things they are led to support.

    Throw in that 68% of people (according to a Pew poll in 2007) believe that “angels and demons are active in the world” – and only 14% dismiss it outright – and it’s clear that a large slab of our fellow humans are not playing with a full cognitive deck.

    So take such a population, and have them spend 10 hours a day (including commute) doing something stultifying, and then sit them in front of a slickly-produced audiovisual presentation that tells them what to think… having made them make a pledge to a piece of cloth every morning for their entire childhood (as they do in North Korea).

    People are, by and large, not literate consumers of information: they are constantly-tired, badly-educated, semi-literate… and prey to the parasitic high-functioning sociopaths who seek to live at our collective expense.

  • condew

    Since closeted gay politicians have been the most stridently anti-gay opressors; what does it tell you about our law enforcement people who are so stridently anti-child porn that they will bypass the constitutional guarantees against unreasonable search and seizure?

    • http://www.marketmentat.com/ Kratoklastes

      THIS.

  • nicho
  • SkippyFlipjack

    “I’ve never seen child porn, I have no idea what it is.” I think everyone probably has an idea what it is without having seen it. (What it isn’t is Jock Sturges.)

    • nicho

      I think many people really don’t know how repulsive it is. It’s that bad.

      • condew

        Still, it seems un-American to convict someone for a crime, and threaten anybody who wants to see the evidence that if you look at it, we’ll lock you up, too. Chilling to the press and not in the spirit of a citizen’s right to face their accuser. It gets to be a lot like accusing someone of being a terrorist can strip them of their rights; now allege that some particular file matches the “fingerprint” of child porn and you are guilty until proven inocent; but you can’t ask anyone to see for themselves that there’s no crime because if they look they become a criminal, too.

  • http://www.facebook.com/iBoy2G Justin Graziano

    I heard about the fake link nonsense last year or so, I really can’t believe that. If a computer hacker or virus developer were to somehow get ahold of these fake links, they can incorporate them into a virus and essentially get armed FBI agents to break down the doors of everyone who gets the virus. This is unbelievable. I know child porn is bad but this is getting to be like the “war on terrorism”, its just an excuse for the Government to spy on you. But even if there WAS a way to detect a pervert from an accidental click, why waste money on it? Government resources and money are limited, they need to focus on finding child MOLESTERS, people that MAKE child porn, who gives a crap about some pervert that watches it?

  • http://michaelhawthorneonline.com/ MikeinSanJose

    Are owners of the cloud storage networks liable for everything their customers store there? Could they be prosecuted if the cops found this illegal material first?

    I know homeowners are liable if their teen is storing a dead body in his closet. Do the owners of retail rental storage units have the right to break in and ‘confirm’ that no contraband is being stored on their property? How is what Verizon and Company doing any different? Does free vs. paid storage make a difference?

    Show of hands… how many here believe child porn is the only thing they’re looking for?

  • nicho

    The scans are legal because no governmental entity is asking the
    companies to look at their customers’ emails, said Brian J. Gottstein, a
    spokesman for Virginia Attorney General Ken Cuccinelli.

    That’s kind of a cop-out. In many instances, these corporations are acting as government informers — unofficially, of course, but not far different from the East German Stasi. If the corporations will do the government’s bidding without the government even asking, then we’ve entered a new dimension. The government can stand back and claim it never invaded anyone’s privacy.

    Think back to the scene in The Godfather at Mama Corleone’s funeral. Michael embraces Fredo next to the casket and, while doing do, gives a meaningful glance at one of his bodyguards. Within days, the bodyguard puts a bullet into Fredo. Michael never asked him to.

  • OtterQueen

    Well, that’s disturbing. Years ago, I was playing around with some file sharing site and I mentioned to my friend that it contained links to what appeared to be child porn. The file names were something like “horny-13-year-old-goes-crazy-for-sex” and other overtly child-porny names. She said that none of the files actually showed underage girls, that the names were misleading. I found that odd, but never thought much about it. Now I wonder if they were they put there to try to entrap people?

  • condew

    A “fingerprint” that is 99.9% correct worries me a lot less than one that is 99.999% correct, because when the technique is 99.999% correct there is a strong urge to assume guilt or make it a summary offense, even thought 1 in 100,000 people is falsely accused. Imagine your credit report having a line in it “downloaded child porn” based on an only “slightly” flawed algorithm.

  • MyrddinWilt

    They use fuzzy image matching software. Take a look at tineye.com

    The reason a lot of info is funneled through private exchanges rather than to the police direct is that the FBI is a one way information sink hole. They cannot analyze any information, comment or share in any way. So there is a network of quazi private organizations that work so closely with law enforcement as to be indistinguishable.

    What worries me is that the cloud storage has direct access to the data at all. I would not want to store unencrypted data at a cloud site and as a site operator I sure as heck would not want to accept it.

    The false positives thing is real and compounded by people tricking people to follow links.

    • SkippyFlipjack

      Just a guess, but I doubt they’re doing what Tineye does. Tineye searches for an exact image using a database of image fingerprints they’ve compiled, using fuzzy logic to match altered versions. If you are trying to match an image of George Clooney you want that exact image of Clooney, not just any image of Clooney. In Verizon’s case they’re trying to find images that match general characteristics. I’d imagine if they were looking for kiddie porn they’d use face recognition software to recognize faces (like iPhoto and Facebook) and filter for faces that match the proportion of child faces, and also look for a high percentage of flesh-toned pixels. I’m sure there are a bunch of products that do this; weeding out kiddie porn is essential for all the file storage and photo sharing sites out there.

  • Indigo

    If it’s private, put it on a flash drive and put the flash drive in your pocket.

    • nicho

      The problem is that if it existed at all on your hard drive, for any length of time, it is still there, unless you know how to completely erase that data. Just “deleting” it won’t do it. That’s what gets people into trouble time and time again. It’s also a clue that when the experts can’t find “accidentally deleted” files on a politician’s computer — Mitt Romney’s gubernatorial records, for example — the deletion wasn’t accidental. It was on purpose and the tracks were covered.

  • MonkeyBoy

    I’m guessing that ISPs etc. don’t deal with the false positive problem. When they computationally sniff something that might be known child porn it gets sent to NCMEC for verification. Someone (NCMEC I presume) has a huge database of all digital child porn that has been ever found and they are the ones that compute from that database the hash codes and other signatures that are sent out for the sniffers to use.

    I would guess that NCMEC, to verify a hit, can run a more computationally expensive match against what they have, and only when it is a very good match but not an exact match does some human have to look at it.

    Whoever has the database is not going to give access to outside agencies or companies so that is why I think the verification process works this way.

  • nicho

    If most people really knew how much information corporations already have about them — and used for marketing and other purposes — they would rise up in revolt.

    • Ninong

      They know absolutely everything there is to know about you if you have ever:

      Filled out one of those application forms at your local supermarket to get one of their “discount” cards, without which you would pay a much higher price on many of their items.

      Ever used a credit card to pay for your purchases when buying anything at the supermarket, pharmacy, or almost any other place.

      Ever filled out anything online for anything you can think of, including registering for Facebook or one of the other social networks.

      Ever clicked on anything online to see what the article was all about.

      All of that gets aggregated and by people like Google and just about anybody else in the world involved in marketing and who knows how much of it is shared. They already know what brand of toothpaste you buy and how much of it. How often you buy booze or cigarettes or condoms or baby diapers or baby food or whatever. If you’re a woman, they know ahead of time that you’re pregnant because they pay well for that information.

      I hate to think of how many different lists there are out there. In many states, you can buy lists from DMV giving you all of the registration information on every vehicle in that state. You could see exactly what cars someone owns, their registered address, phone numbers, etc… sorted anyway you like. I believe California stopped doing that about 30 years ago but other states did it and I think they still do. In California the DMV allows only a couple of people at each dealership legal access to their computer system to check a vehicle’s ownership by VIN or license plate number. That way the dealership can avoid taking in a stolen vehicle. And they have to have a legitimate reason to look it up, not just because they forgot to get their customer’s address and phone number. You would be amazed at how many people try to trade in their grandmother’s car or their estranged wife’s car without permission.

      • nicho

        There was a situation a while back where a company could tell by things you purchased whether you were pregnant. Then, they would send you offers and other things for pregnant women. In more than a few cases, the pregnant woman was a teenager who hadn’t told her parents yet. Things got pretty messy.

      • anirprof

        Quite a few municipalities now have automated license plate readers stationed at key intersections, or just running in police cars as they cruise around (the technology is fully automated — a cam with a wide angle lens on a dashboard can automatically find and read all the license plates in front of it, continuously. A few of those cities make all the plate hit data available via public records requests and there are indeed marketing firms buying up such data en masse.

  • goulo

    The “war on child porn”, like the “war on terror”, is used to justify all manner of violations of privacy and legal abuse. There are cases of people arrested and people who’ve been sent to jail simply for writing textual fantasies with children (i.e. no real children involved, no photography of real children) only for their own use (not distributing them to other computers or people). Cases of parents in trouble for photographing their own kids taking a bath. Etc. The entrapment for clicking on a link, which you mentioned, is another good example.
    Not to mention that so many people’s computers get infected/hacked and remotely operated by hackers these days, that I expect to see instances of maliciously putting child porn on a target’s computer to frame them and get them in legal trouble which would prove very hard to get free from.

    • colleen2

      There are cases of people arrested and people who’ve been sent to jail
      simply for writing textual fantasies with children (i.e. no real
      children involved, no photography of real children) only for their own
      use (not distributing them to other computers or people).

      Good.

      • nicho

        Yes, definitely, thought crimes should be severely punished. Even if you think of doing something bad, you should go to jail for life — whether you did anything bad or not.

        • colleen2

          I had intended to convey lack of sympathy for someone who creates his own rape porn.
          Was I being too uppity?

          • nicho

            You wrre advocating policing people’s thought. Uppity. No. Stupid. Definitely.

            • colleen2

              My apologies. I’m so stupid, I wasn’t even aware I was advocating for anything. I thought I was just somebody who was raped many times as a child and am indifferent to the fate of pedophiles. I’m not even a lawyer or anything. I’ll be quiet now.

              • goulo

                You seemed to be advocating for people being sentenced to prison for writing a personal diary or fantasy which they don’t even publish or show to anyone else.

                And if an author like Stephen King writes a story where someone sexually mistreats a child and the author gets sent to prison for writing this story, would you say “good” to that too?

        • http://www.marketmentat.com/ Kratoklastes

          Dude, comedic irony won’t work on someone as incapable of cognition as that.

          I wonder if she has a copy of “50 Shades of Grey”? You know, the uber-popular women’s novel that includes acts by the protagonist that fit the legal definition of rape.

          If you ever wondered how on earth the book-burners of history (the main one being he Catholic Church, not the little Austrian guy with the Charlie Chaplin ‘tache) got such widespread support, you need look no farther than the comment to which you replied.

    • nicho

      I expect to see instances of maliciously putting child porn on a target’s computer to frame them

      You don’t think that hasn’t happened yet. Look at all the people whose activities became “inconvenient” to the corporatocracy and were soon found to have child porn on their computers.

      • Kalil Chernov

        The principal of my high school was an execrable excuse for a human being, but I strongly suspect that his child porn conviction had more to do with the fact that his passwords were known to the entire student body than any particular perversion.

      • Asterix

        I have seen similar things happen. In one case, a CFO was suspected of illegal financial dealings but the accountants couldn’t find anything wrong with the books. However, an employee used his computer to do some porn-surfing and the said CFO (female, if that matters) was given a choice of admitting to a lesser financial crime or facing charges for distributing child pornography. She took the lesser of the two, paid a fine and received a suspended sentence.

        The threat of being prosecuted as a sex criminal apparently makes being a money launderer seem small potatoes by comparison.

    • http://www.marketmentat.com/ Kratoklastes

      “I expect to see instances of maliciously putting child porn on a target’s computer to frame them” – you would be genuinely shocked if you knew just how easy it is to do that.

      If you don’t know how to do it yourself, you can find someone on the darknets (freenet and some TOR hidden sites) who will do it for you for $25.

      If I was less constrained by a foundational commitment to the non-aggression principle, I would do that to everyone who brays “Good” when they hear about the violation of someone’s liberty (like Colleen2 below) – just so they know what the ramifications are of being falsely accused of a crime designed to elicit a knee-jerk response from the Deltas.

      To slightly re-work what Chomsky (of whom I am NOT a fan) wrote once: if we don’t believe in preventing the violation of the rights of people whose values we despise, then we don’t really believe in rights-protection at all. (Chomsky only mentioned free speech, but the principle is applicable).

  • reno_expat

    re: Your concerns as a journalist. I am an academic and am involved in a research project about prosecution of sex crimes. As part of the training I went through for this project, I met with local police and had it explained that child pornography was a crime and academic research was no shield. This was in response to a question from the PI on this project about doing research into the individual crimes we would be studying in the aggregate. My project can easily go on without ever coming close to this line. I also recognize that this may be different for a journalist who felt they needed a different kind of understanding for their article. In this case, I can’t say I am particularly bothered by the inability of people to look at this material even when the goals are something entirely different

    • http://AMERICAblog.com/ John Aravosis

      Yeah, but we’re talking apples and oranges. I write commentary. You’re talking about an academic examination of prosecutions, and it may be entirely irrelevant to your research exactly what the details of the crime are. If I’m writing a major treatise about just how bad these crimes are, and I’ve never seen an example of what it even is, I think that undercuts the writer’s ability to convey to the readers just how obscene some of this stuff is – or at least it could undercut, much more than a statistical analysis of prosecutions for example.

      Though I recall hearing about people caught in such webs and claiming it was a journalistic inquiry, and I kind of went “yeah sure.”

      • anirprof

        A relative of mine is a criminal defense attorney who has handled several child porn cases. As a journalist, if you clicked on that link and pulled up a pic, they could absolutely convict you for it — even if you never saved the photo, just “possessed” it in RAM temporarily. The laws recognize very strict liability, no journalism exception, no nothing. For example, one need not even know that the image was of a minor (e.g., if you sincerely thought something was legal, and most reasonable people would agree, if it turns out the subject was a 17 year old you still go to jail). You barely need to know that you even have it on your PC. There have been cases where thumbnails left in a web cache, possibly which came up on a page with many thumbnails without direct intent to access the offending images, have been enough to convict.

        As a defense attorney, my relative was only allowed see the evidence in the cases briefly, in a law enforcement office on a law enforcement computer. Defense attorneys too are granted no possession exception, which limits their ability to do independent forensic analysis. That said, in these cases the guys were guilty as all sin with PCs just loaded with that crap, no question of knowledge or entrapment.

        • goulo

          Curiously, the government agents who possess the porn and set it up in the trap website somehow don’t get persecuted for possessing the porn … Of course we must accept that they are our betters and know better than us…

          • http://www.marketmentat.com/ Kratoklastes

            I don’t really want to be seen as defending entrapment, but it’s pretty clear from the post that the overwhelming majority of these ‘sting’ operations use files that have no actual content.

            That said: if you want to hunt for paedophiles, the first place to look ought to be in any position of politically-supported power: clergy, politics, police, judiciary.

            When some clever folks decided to actually check who was doing all the clicking, it turned out that about 5200 people at the Pentagon downloaded [what they thought was] child porn. I’ll try to find the link to the story and will post it as an edit.

      • SkippyFlipjack

        Pete Townshend, for one

    • nicho

      I remember back in the ’70s, when you’d run into people unexpectedly in a gay bar, it was amazing how many of them were “doing research for a sociology paper.”

  • Naja pallida

    There’s a big problem with cloud storage, in that law simply has not caught up to the technology in the real world. And one could easily make a case (and have) that the company is liable for anything stored on their servers. So that automatically makes any company which operates such a server to have a vested interest in what their customers are storing there, and to make sure they they can show that they are doing everything they can to prevent the use of their servers for illegal activities. Personally, I’m not a fan of cloud storage specifically for privacy purposes, and that hard drives are relatively cheap these days, so if one were so inclined, one could set up their own home file-storage server with a full backup system, for a reasonable price without having a whole lot of technical know-how.

    • http://www.rebeccamorn.com/mind BeccaM

      In other words, they easily catch the lazy, non-technically apt pedophiles, in much the same way it’s not the big music-sharers and software crackers who get caught and prosecuted, but the little fish.

      • Naja pallida

        Pretty much. You don’t think it’s a single priest who is taking these pictures and disseminating them all over the internet? He’s getting them from somewhere… and you rarely ever hear about them breaking up the rings, just the individuals participating.

        • http://www.rebeccamorn.com/mind BeccaM

          Rarely, but it does happen. A couple weeks ago, some moron tried to claim that pedophilia was mainly an American problem, and a casual Google search turned up a huge European ring that had been broken, with hundreds of arrests in something like a dozen different countries.

          The aspect in all this that concerns me is how easily someone could be framed, whether by a criminal or one’s own police or gov’t. And how when someone is accused of perusing this kind of porn, immediately their reputation is ruined, and presumed guilty until proven innocent, not unlike being accused of terrorism ties.

          • Naja pallida

            Well, Americans are the world’s largest consumers of pretty much everything (except perhaps common sense). No doubt that includes child pornography… and like many other illegal and illicit things, other countries have thriving black markets to feed that giant cash cow. Certainly doesn’t mean the problem is only ours, it obviously is not, but I’d be willing to bet Americans do drive much of the demand.

© 2013 AMERICAblog. All rights reserved. · Entries RSS