Slashdot Mirror
ISPs to Create Database to Combat Child Porn
BlueCup writes to tell us that several media companies are banding together to create a database of child pornography images to help law enforcement officials combat distribution of questionable material. In addition to the database several tools and new technologies are also planned but most notable is what some perceive as a willingness to cooperate which critics say has been lacking in the past. From the article: "Each company will set its own procedures on how it uses the database, but executives say the partnership will let companies exchange their best ideas — ultimately developing tools for preventing child-porn distribution instead of simply catching violations."
Wanna bet that some slimey police exec is helping himself with those images?
Anyway, it's just another case of "think of the children!!1"
This is a great idea. With a couple of tiny issues.
ISPs have long said that they are just carriers and are not responsible for the content they provide access to. As soon as the technological solution for implementing a "content filter" is there, RIAA and friends will _require_ ISPs to use it for that purpose as well.
This is completely ignoring the technical stupidity of trying to "fingerprint" media that is _not_ going to be transferred in plaintext.
...stopping the proliferation of nuclear weapons by creating a massive stockpile?
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
I hope they apply a strong hash - I certainly wouldn't want to be the victim of a collision. Which also makes me wonder - though some hashes havn't been broken yet they likely will be in the future - does this mean pedos will get off scott free because it might have just been a collision?
Child porn is the darkest side of the internet. Its the thing all net users should be on guard for, and the argument invoked against the internet by countless alarmists.
However, I don't agree with this database. Keeping these images, even for law enforcement purposes, is a violation of the privacy of children who have already been subjected to a horrific violation. Leave them alone already.
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
What exactly is different between Company A (ISP) and Company B (Offshore Freakshow) amassing a huge database of child porn? Company B is probably even in a jurisdiction where having it is legal by local laws, but Company A is certainly not. We have zero tolerance laws so strict they ruin people's lives for a banner ad containing a legal model that simply wasn't documented properly. So how come it doesn't apply here?
~Rebecca
This can be problematic and annoying for users when the databases aren't correctly updated. A case in point: the Internet Watch Foundation maintains a database of child porn / other obscene URLs so that ISPs can take that list (hashed, so the URLs are not revealed) and block them.
Recently, a popular imageboard at http://img.4chan.org/b/imgboard.html has been added to that list for reasons unknown. Several UK ISPs, including BT Internet and NTL, have blocked that URL. Complaints to either the ISPs or the IWF from both the users and the site admin have gone unanswered. I am personally quite annoyed by this as I'm a regular user of that board.
It's this sort of unaccountable censorship of the Internet that makes me suspicious of such 'helpful' databases.
how many ways can these pictures be hidden?
zip, rar, and other compression formats
encrpyted
hidden inside other files (stenography)
the list goes on...
these people should learn, you cant fight the internet
AOL, for instance, plans to check e-mail attachments that are already being scanned for viruses. If child porn is detected, AOL would refer the case to the missing-children's center for further investigation, as service providers are required to do under federal law.
Sounds like one of those 'good on paper' ideas that later spins itself into a slavering monster that eats half the internet. What's to say they don't start scanning for other things? Is the RIAA going to be knocking on my door because I sent an AOL member a Metallica MP3?
from tfa: "the goal is to ultimately develop techniques for checking other distribution techniques as well, such as instant messaging or Web uploads"
so they will be scanning our web traffic in real-time to determin if we are sharing child porn?
anyone else see this and think something along the lines of "this is just a 'think of the children' excuse to implement advanced monitoring systems, which in due time the govt. will take over 'in the public interest'"?
These online companies were previously protecting themselves from liability for their customers' transmissions by claiming that filtering this data would be an expensive and prohibitive task. By volunteering this service, they've crossed that line. It should be possible for the music companies, MPAA, etc. to demand filtering as well.
It's a pretty stupid plan nonetheless. These digital fingerprints will only catch casual or newbie child porn traffickers. Encryption will easily render these fingerprints useless. The worrisome side effect is the false positives that will be triggered by this fingerprinting technique. As an example, try using one of those packages that tries to tag your mp3s by fingerprinting... Pretty unreliable stuff.
Seth
$5 / month hosted VPS on linux = awesome!
No a troll but a serious question.
.. I knew I should have read TFA .. they are advocating an automated process that is trained to recognise signatures of pics that are deemed to be bad. If they can do that for $1,000,000 I will be really surprised, as I don;t think it has ever been sucessfully done before for any type of image. I wonder who sold them this snake oil (again)
How do they categorise what is collected in their database as child porn? I have yet to see an automated system that can look at a photo and describe what it is (although several have been promoted over the years) I imagine that the decision as to what category the pics falls under must be made by a human. So my question is whose standard do they apply for the process?
I can see that this process could be very arbitrary. So while I am not advocating child porn, I can also see that the data collection process could get very messy and have lots of false positives and negatives. and like the TSAs no fly list, could be very hard to get off it once you are on.
Oh shit
I am Slashdot. Are you Slashdot as well?
...those who speak up against this incredibly stupid idea are just latent child porn users. Voila, more people you can potentially detain if you see fit.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Que jokes about British Government instead. 1. The database is already out there under the name "CleanFeed" invented by BT a while back. 2. The government has badgered a large proportion of UK ISPs to use it by now regardless of their relationship with BT. That includes ones with their own DSL networks based on unbundling and most of the ones which buy BT DSL wholesale. 3. The implementation as mandated amidst other things allows transparent redirect to other URLs which whoever "controls" clean feed can supply if need be. Now the obvious 2 million pound question question is what exactly prevents Antonio Bliar and his liar cronies from feeding URLs into the database which redirect people from sites that go against their liking. The database is already there, operational and defective as well: http://www.cl.cam.ac.uk/~rnc1/. Move along people, nothing to see. Business as usual.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
I don't think this scheme is intended to catch all child porn traffickers. Just the easy-to-catch idiots. And there are plenty of them out there. Think of all the dudes you read about who get busted because they brought their laptop to CompUSA for repair and the techs found a folder titled 'young' on the hard drive.
Don't get me wrong.. I'm 100% opposed to this system.
Seth
$5 / month hosted VPS on linux = awesome!
Petaphiles of disk space.
*rim short*
Thank-you, thank-you, I'll be here all week
I am Slashdot. Are you Slashdot as well?
RTFA - no way! Not when the link is on the words "database of child pornography"... I can imagine the headlines now... 3,000,000 /.ers arrested for paedophilia!
Time is an illusion. Lunchtime doubly so. - Douglas Adams
The subject is really complicated, here you have a conjunction action from the top ISP companies, but there are some things we must know.
This means that if "somebody" sends to me an image that triggers the filter I'm gonna be a "suspect" (at least for a while) so AOL refer the case and 1 minute later i have an investigation running on my private emails.
BTW... i don't want to sound paranoid, but this is a "way to start", then the database can include another kind of images (who knows?). Or just filter anything they want. The comparison with the Antivirus system (intentionally and not so technical related) put me more alert.
I don't want to sound liberal, I'm against child pornography, but i think that this is not the way to fight against it. If some sick-man (A) have a picture of some-more-sick-asshole(B) doing nasty things with a child, he(A) is a sick person but not a criminal, the asshole(B) must go to jail because he abuse (mental and physical) the boy (the other guy(A) must go to a doctor).
Another idea could be the "infection" of some images/files/videos and leave in the wild (this pedophiles bastards are not technical specialist, the majority of them are teachers, fathers or military related). So we keep track of the files all over, and figured out "sources" where they upload this files not a "single email address" i mean where a lot of files converge from different places. Then, security experts with some legal support, 0wn the server and monitors everything... and the investigation continues.
Also the P2P networks has a LOT of "pedophilic" shares, but you can't run after every sick people, you must go to the source and condemn the one who abuse the child.
I don't like the idea of "monitors everything -> searching for something". I think it must be like i said before... its a HUGE difference.
Rock and Roll
Finally! I can stop wasting my time applying to be the Vatican's porn archivist....
I am wondering how would the system differentiate between me uploading my lil bro in his swimwear and some other almost naked pic of a kid meant for some sick bastard in some dingy corner. Wait till u see the feds knocking on your door for no apparant reason. I bet false positives will be enormous.. Far too much to outweigh the advantages of the system. Also as another dude pointed out earlier obfuscation of this type of contect isnt really difficult. The entire system is flawed and makes me think .. could google/yahoo be of any help in combating child porn??
This'll be different in what way from the massive database and set of image search tools that Interpol already maintains? It's not like every signatory agency (including those in the US) doesn't already have access to it, and it's been running for years.
/ PR2005/PR200536.asp
http://www.interpol.int/Public/ICPO/PressReleases
I've met some of the guys running it, and while I really admire their dedication and achievements, I can honestly say there's no job on earth I'd less like to have.
So, yeah, go ahead and build your database. By the time it is up and running, it will be obsolete, and we'll be discussing other problems.
"Where is innocent till proven guilty philiosophy gone?" ... right up the baby's ass.
There is no such thing as innocent until proven guilty. Never was. It was something we were to aspire to, because as humans we do not honestly beleive this.
You disagree with me, you're guilty! You dont like my politician, you're the enemy... You dont support the war, you're a commie!
You dont join the party because you're anti American.
Its US for them. I'm right, you're wrong. You can't possibly be right, because I am right. You are guilty because i say so.
OK, they want to stop child porn. And to do that they're going to stockpile a ton of it?
Is there some question as to the definition of "child porn" or some type of miscommunication that prevents someone from looking it up in the dictionary? Because if the people enforcing these policies can't identify child porn without looking at 100 other child porn images first, then we have one hell of a problem on our hands.
Stockpiling these images isn't going to do anything at all. If they wanted to create some type of program that could identify porn, they could do it with the millions of legal (most of which are free) images on the web.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Is there anyway I can get a copy of that database? Anyone? Bueller?
rhY
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Hypothetical scenario 1:
I piss off the wrong person. This person has access to material of this kind, and a zombie botnet. He arranges for this botnet to spam me with pictures of kiddy porn. The emails are caught by this system and flagged, and suddenly I'm the subject of an investigation. The way that sort of thing works here in the UK, I'm likely to be splashed all over the papers before my innocence is proved (which won't make nearly as large headlines, of course). Even if I am cleared, my reputation may well be shot to hell; people over here aren't too picky when it comes to this sort of thing. A few years ago a tabloid paper raised hell about paedophiles having been released into the community after serving their sentence. Some of the resulting protests saw a paediatrician being hounded from her home - people saw "paed" and thought "paedo". Rationality often takes a back seat where kids are concerned; this could be a very cheap and easy way to utterly ruin someone.
Hypothetical scenario 2:
I go on holiday with my family. I take photographs. I email some of these photographs to my friends and parents. Some of them contain shots of my 6 year old daughter in her swimming costume. An overzealous automated process tags this as a false positive, and suddenly we're all under investigation.
To be honest, scenario 2 doesn't worry me so much; it should be obvious to even the most rabid "think of the children" zealot that the photos are perfectly innocent. It's the first one that gives me grave cause for concern. It would potentially take some effort to prove ones innocence, during which time you're very likely to have been utterly pilloried in the press. If you have kids yourself, they may even have been taken into care for the duration, and are likely to have been teased or bullied about it at school.
I appreciate that measures do need to be taken to fight against child porn, but given the highly sensitive nature of the subject, I have conerns about implementing any sort of automated system.
It's official. Most of you are morons.
What is the incidence rate of the abuse of children to create pornography?
What is the percentage of clearly illegally created porn as apposed to legally created porn?
Does this justify these measures? Does this reduce the incidents of actual abuse?
My thinking is that there is not all that much actual child abuse going on and that much of the 'illegal' porn that is floating about the internet is multiple copies from the few actual abuses or it is legal porn masquerading as 'illegal' porn. I also don't believe that the problem is so widespread that I need to relinquish any more of privacy or rights than the ones already stolen from me by the federal government's 'war on terror'. I also don't think that this in anyway will lesson the incident rate of child abuse and this is what we as a society need to stop. I'm all for stopping child abuse and I don't mind paying to stop it. However, I *do* mind* loosing rights and I do mind paying for ridiculous, ineffective boondoggles. And it seems lately that the government when faced with any 'problem' can *only* come up with ridiculous, ineffective boondoggles.
This will be about as effective as stopping the consumption of cocaine in the United States by dumping millions of tons of roundup in South America.
Or about as effective as stopping terrorism by killing 50,000 Iraqi civilians *and* reading all of my email and listening to all of my phone calls.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
In the long run, all filtering schemes will only make distribution systems stronger. Child porn is already distributed in password protected rar files in certain places, and anonymous p2p networks have hundreds of gigabytes of the material in circulation. Technology isn't the problem here, the problem are the people who distribute the material. Any attacks on technology will fail as long as the people and their interests remain.
Essentially, any filtering mechanism depends on ability to detect the illegal act. If you prevent every method of distribution possible, the only channels left for child porn distributions are ones which are currently impossible to detect. Thus, in the long run this will only make it safer and more secure for people to download child porn. With filtering in place, the end users will know that if they're able to get the material, it means it probably cannot be traced.
If you want real solutions to the child porn problem, you should attack the people involved. "Divide and conquer" is the basic strategy, the different groups have to be isolated from each others and dismantled. Currently there are large anonymous p2p networks which are mainly run by people who want to share files, namely to perform copyright infringement. The child porn distributors use the same networks. If you want to eliminate child porn, you need to isolate these two groups from each others by giving them different goals. Currently, they both want to hide what they're doing from the authorities. One straightforward solution would be to allow filesharing for non-commercial purposes and encourage it to be done in plain sight and moderated networks, so child porn distributors couldn't piggyback in warez networks. Not going to happen anytime soon, eh, so does anyone else have any other ideas?
-- Matti Nikki
Wouldn't it make more sense to arrest people if and when they actually harm a child?
..... but so what? The kids in the pictures aren't getting any worse just because other people are looking at them. The harm was already done when the pictures were taken, and it isn't going to be undone.
I have absolutely no problem whatsoever with people who just want to look at pictures. Yes, they may well be pictures documenting a crime that was committed
I say let people jack off into a box of tissues as much as they damn well like. At least once they've spent their pocket money, they're no danger to anyone for a couple of hours. If they're doing more than look at pictures, then by all means go after them. But what a person does within the privacy of their own imagination is nobody else's business.
Je fume. Tu fumes. Nous fûmes!
If scanning email/web traffic for sigs/hash patterns doesn't catch many people out just check their credit card bill. Known offenders are going have their details passed to banks and have their credit cards revoked, presumably so they can't re-offend. At least until they get a new credit card - UK banks keep giving them out to everyone like some kind of disease.
"The order relates specifically to offences relating to child pornography and allows the authorities to inform a credit card issuer of the identity of someone who has used one of its cards to commit a child pornography offence." From here
Pretty soon this will turn into "Big Brother can check anyones bank account and take action against pretty much any online transaction just in case its kiddy porn with a false transaction reference". This would result in so many "plain brown packages" in bank accounts that we won't be able to identify legitimate transactions and thus be more open to fraud. Unless banks change their rules to conform with the goverments crazy ideas. And everyone else changes to accomodate for this change. Bla bla bla...
Sharing of child pornography leads to more child pornography.
Sharing of copyrighted music leads to less copyrighted music.
Find the anomaly.
In fact, to follow the "think of the children" idea, I believe that such a database would lead with more CP production, as you would have to "replace" the material censored (assuming this measure would be efficient) leading to profits for pornographer producer.
Just a thought
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Literally EVERY parent I know have lots of pictures of their kids naked. Kids run around naked on the beach in pretty much all of Europe and small children simply enjoy taking their clothes off and running around the house and garden, sometimes to the embarrassment of their parents.
While I find it mildly weird to put family photos with naked kids on Flickr or your own family picture site, I can see no reason why this should be illegal. But isn't there a chance of these pictures finding their way into the kiddie porn database? If so, isn't there a decent chance someone may end up being tracked as a pedophile simply for proudly posting family pictures on the Internet?
Differentiating between kiddie porn and legal pictures of kids is probably hard enough when you do it manually and individually, but doing this on a massive scale just sounds incredibly hard and possibly dangerous.
I know that in Denmark for example Cybercity (an ISP) along with the Danish government are actively blocking child porn websites or so. You get an error message explaining the situation in both Danish and English, you know, the whole "sorry for the interruption" sort of procedure. Freenet however isn't blocked.
Do they have the right to log IPs and such? I really don't think so.
o hai
Currently, occasionally CP traders are found out. Because A was getting it off filesharing tools from B, and either of them got busted during a "mundane" sting op and on the PC they found the trace to the other one.
That's pretty much it.
Now, when A can't get his pictues from B anymore the "normal" way, what will happen? Will they stop trading?
Would you stop getting music from the 'net if the RIAA (who do I fool, that should read "when", not "if") buys the corresponding law to apply this technology to music?
What will happen is that the ways to transfer those items become more obscured. Hashes are worthless as soon as you change a single byte. Both ends agree on an encryption scheme and the transfer is possible again. What automatically fails is any kind of tracking possibility.
Currently, when those files can pass, CP traders might be carelessly using traditional means to transfer their material. Because "it works". When it doesn't "work" anymore, they won't stop, they will turn to technologies that can not be stopped.
Those can't be tracked as easily either, though.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
So what this database is telling the producers of kiddie porn is: if you distribute the stuff we already know about, there's a higher chance you'll get busted, so be safe and only produce/distribute fresh new material?
I don't think anybody is against the idea of nailing the kiddie pornographers and getting their "customers" into therapy or whatever they need, but I think this particular idea is a bad misfire.
-- http://frobnosticate.com
How is this legal? ISPs aren't law enforcement, and I don't think (but ianal) possession of ANY child porn is legal.
And how is this supposed to cut it down? It's just going to get more children molested on camera if what's there goes away.
The software can't possibly tell whether it's a picture of a child unless a human has tagged it. Methinks somebody at AOL and Yahoo and Microsoft wants to watch child porn legally! Fucking perverts.
Plus, different states have different legal ages. In Illinois it's 17, in some states it's 18, in Arkansas it's 13. So a movie of two fifteen year olds its legal in Arkansas but not Illinois.
Redd Foxx once asked "what looks like sex but isn't? Fidel Castro eating a bananna!
If the computer can tel Castro from oral sex, how can it tell a 16 year old from a 17 year old? Hell, at my age the thirty year olds look like children! If a human can't tell, how can a machine?
</on topic>
<-1 off topic>
It's bad enough when the New York Times stubbornly insists on being illiterate, but this is allegedly a nerd site.
If "ISP's" is plural for "ISP" then what is the possessive? What is the plural posessive?
ISP - a single ISP
ISPs - more than one ISP
ISP's - singular ossessive; "the first ISP's routers were down"
ISPs' - plural possessive, "the next two ISPs' routers were down"
The Times says ISP is a contraction, but it isn't. Its an acronym. Just because the New York Times editors are illiterate morons doesn't mean slashdot has to be, to.
You learned this is the fourth grad, guys. Stop embarrassing me.
</off topic>
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
So, the ISP's put this system in place, the GOV hires a bunch of spammers (all under the table of course) to email low grade kiddy porn to everbody who looks like the next terrorist and VOILA instant access to all your information: digital and physical. A kiddy porn investigation gets the judges to write out all kinds of warrants for the FBI and you are powerless to stop it.
Some asshat senator mad at your company for opposing one of his bills? Send some kiddy porn to you, and start an investigation. Even if they don't find anything, you'll most likely lose half of your cusotmers and most of your respect.
I'm scared.If O2 is good, O3 must be 1.5 times better!
How did this get moderated up? I'll find you the anomaly: No company in the world has a legitimate market in online pornography. The rationale is that illicit/illegal downloading leads to more illicit/illegal downloading in the cases of both child pornography and copyrighted music.
The damage (theorized by the RIAA) to legitimate music markets by illegal downloading cannot happen to the market for child pornography because there is no market of child pornography to harm.
blog
are now collectors and warehouses of child pron? I'm just curious, when is it legal to obtain, retain, collect and warehouse something illegal? Oh ya, when you are the law. Only then can you break the law.
I don't think a ton of child porn is being distributed via the WWW part of the internet.
More of it gets done via secret FTP sites, and the big daddy of them all, Usenet.
Besides which, until there is a global hard point to call something "child pornography", what does it matter? As long as some countries have a more liberal viewpoint, such as saying 16 is old enough to be photographed nude, how can we hold a international thing like the internet to a U.S. or some other country's standard? Someone will just move their servers to a country where they laws make it legal, and go from there.
Anyone that goes to Usenet binary groups that has pictures knows that sooner or later some child porn-like photos are going to end up on their system. Some spammer is throwing them up. And that makes the decision to report the poster(s) more hazardous. Reporting to may places (like the FBI), they want *YOUR* info, as well. I don't want some FBI agent coming to my house to talk to me about child porn, knowing that there is the small chance some photo that is on my system could fit the criteria for some draconian anti-child porn law that got passed in some whacky place.
Most of what gets found, from a business that actively produces child porn, is coming out of Russia and former Soviet block nations. Nothing happens to those, as the Mafia is too hard to crack. But those mom and pop shops are harder to track.
Come now and let us reason together.
- Isaiah 1:18
Gamingmuseum.com: Give your 3D accelerator a rest.
Whatever happened to the idea of a search warrant? The Postal Service isn't allowed to open my mail and check it for illegal or subversive material without a warrant. An ISP has no business scanning my email or web requests for questionable material.
Mea navis aericumbens anguillis abundat
First off, the National Center for Missing and Exploited Children already has this "databae" or "library" of child porn images. They would be the maintainers of it, not the ISPs themselves. That is what the article says, and that would be the legal requirements - police and other government agencies cannot keep child porn even for sample purposes.
NCMEC will be undoubtably supplying a hash database to ISPs. MD5 or SHA1 probably as these are in common use today. This would enable matching of identical files quickly and easily.
Unfortunately, we are already running into the limits of simple MD5 matching with child porn cases today. You resize the picture or brighten it up a little bit and that changes the MD5 value and your database, library or whatever is then useless. You have a new, original picture with a new original hash value. There are other ways to accomplish this which do not suffer from these limitations without giving up high-speed autonomous comparisons. Check out http://www.infinadyne.com/icatch.html for some ideas.
Yes, I work at the company that is producing this product.
the point is NOT about the KIND of content. that's just a way to get popular soccer-moms (etc) up in arms and mobilized on your side.
what is REALLY shocking is that this opens the door for ISPs to get their 'fingers on the bits' (its a data comm term - sorry about the double ententre).
so far, it has not been 'ok' to let ISPs scan for content and make judgements on it. most ISPs have drawn the line to say that we are just a carrier of bits and we are not RESPONSIBLE for what the user includes in the payload.
the music and film industry has tried to get ISPs to do their spying. with mixed success.
but scream 'CP' and you can't publicly NOT support that (and still keep your job). "have you stopped beating your wife yet?" goes the old joke. there's no safe way to answer that. if you publicly oppose such a politically charged idea, you are a boogeyman and an evil person. if you support it, you will pass under the suspicion-radar and will more or less be left alone.
this is a power grab to OFFICIALLY define an isp's job as net-nanny. first they claim to be protecting the citizenry - but its really far more devious than that. once the gov and the isp's convince joe sixpack that its in their 'benefit' for the net-nannies to read all your content ahead of you, you will NEVER get that level of privacy back again.
this is a sham. whenever someone says "won't you please think of the children!" you can bet that there are alterior motives going on.
remember: those in power just want to keep and increase their control level. fingers on the datacomm bits is one thing they've been after for a long time!
--
"It is now safe to switch off your computer."
They are probably amassing a collection of MD5 sums or some other fingerprints. These of course would be derived from the collections previously seized. Then the ISPs would use somthing like Carvnivore to watch for these fingerprints on the wire. No different than the NSA tapping all the phone lines listening for key words. Oh wait, that was illegal too.
RI** has already proposed fingerprinting their songs and then pressuring the ISP to allow them to monitor key internet streams for their songs being traded. This is truly a 1984 Big Brother kinda thing to do. "You're under arrest sir, your ISP reported you downloading nude images of Gary Coleman!"