Internet Watch Foundation

 

Author – Tony Fagelman

Working Group – Ian Walden, Hamish Macleod, Nick Trueman, Mark Gracey, Tony Fagelman, Brian Wegg.

 

At the meetings of the Board and Funding Council in July 2004, a document was presented that outlined the issues and opportunities surrounding the interest in the Child Abuse Images database, with a subsequent addendum that provided more information. Since details of BT’s Cleanfeed service entered the public domain then has been intense interest in our database and we have had to consider the options available to the IWF. In October 2004, both Funding Council and Board were asked to comment on those documents. It was decided to form a working group to discuss the options and to provide Board and FC with a set of recommendations for consideration.

 

The purpose of this document is to provide the recommendations from the working group and to summarise the original documents to provide all interested parties with a full report for consideration at Funding Council and Board in January 2005.

 

At the meeting on the 18th July 2002 and following legal advice, IWF Board decided that an encrypted version of the child abuse URL section of the IWF database could be made available to reputable subscribing companies to the IWF as part of a membership benefit.

Termed the Child Abuse Images URL service or CAI URL service, this is a dynamic system, up-dated daily as new URL’s are added. For inclusion on the list, the URL that points to the web-site, must contain images of child abuse that are deemed potentially illegal according to UK law, it also includes the URL’s of websites which advertise indecent images of children. If the potentially illegal images are on the home page then the entire site is included, if they are only found in specific locations within that site, then only those URL’s containing such content are recorded and added.

 

The CAI database holds every URL that has been reported to the IWF since inception. We maintain this data so that law enforcement agencies and other services can retrospectively check URL’s found on a forensically investigated computer.

 

The IWF has five highly trained analysts, working full-time viewing and classifying images. The analysts undergo a comprehensive in-house training programme as well as attending training days with police experts.

 

The IWF uses the classifying system as stipulated by the Sentencing Advisory Panel. This lists 5 levels of abuse from Level 1, erotically posed children etc. through to Level 5. At least two analysts must confirm that the image is Level 1 before it is added to the database. All reports will include the name of both the analysts involved in such a classification.

 

Once a request to access the database is received the IWF sets up a secure unique access point through our web-site. Each client is allocated their own specific URL login page with unique password. The system authenticates the client then opens a secure link to generate a request to the CAI database. This in turn passes the data to the web-site and then to the client. At no time does a client have direct access to the database.

 

Data can be transferred to the client either manually, i.e. the client requests a full six month dump, or an up-date, since their last request. The system acts like an anti-virus service, the client can request regular updates or they can refresh their entire list. If the client has an automatic update arrangement the system knows what to deliver when a request is made.

 

The data is downloaded using industry standard 128bit encryption using SSL and HTPPS, similar to the method personal online banking services are managed.

 

The full download is made up of six months of current data. Data is removed automatically when it is more than six months old. The IWF adds approximately eighty new URL’s to the list weekly. The system also has a built in reminder system, so that random URL’s are tested after three months inclusion to consider their status.

 

The IWF also maintains an area of “removed” URL’s. These are URL’s that would be considered as containing potentially illegal data, but might have become “legal”. It should be noted, that there are no URL’s on this list and there never have been

 

Finally, the IWF have a strict complaints and appeals procedure. Any organisation that feels that they have been included on the list incorrectly, can appeal. If, on receipt of a complaint, a web-site that has been added to the list has subsequently been found not to contain potentially illegal images, then the URL will be removed from the database. If, however, in the expert opinion of the analysts at the IWF, the content is still potentially illegal under UK law, then the URL will remain on the list. The complainant can then make further representations in which case the matter will be referred to POLIT (National Crime Squads Paedophile Online Investigation Team) who will further review the web-site concerned and make their judgement. The police judgement is final.

 

The IWF has been compiling the CAI database for a number of years. Since November 2003, the IWF has provided access to the database to member companies on a individual request basis. Each member must sign a detailed legally drafted agreement that covers the terms of use, the IP, the liabilities and other standard contractual clauses in regards to the data.

 

The IWF supports the policy of reducing the possibility of internet users gaining access to illegal child abuse images whether inadvertently or through actively seeking out the content, by providing data for filtering options to as many organisations as require it.

The IWF recognises that security of the data is of utmost important and will seek to maintain that security with all members who take the service 

The Corporate Plan for 2005-07 has stated as one of its aims to stimulate a debate on the dissemination of our CAI database to other hotlines so they can assess the information under their own specific laws and then possibly replicate our service to their service providers. In return we are hopeful that INHOPE members will share their data with us so where applicable we can add potentially illegal URLs that have not been notified to us by UK consumers to our CAI database

 

The IWF currently delivers the data via a secure encrypted method. However, once the data has arrived with the member it is in a raw format and is readable by anyone who has access to it. The agreement requires the member to limit access to that data and if asked, provide the IWF with a list of all personnel who have access to that raw data, and that those personnel must be kept to a minimum. Additionally, the agreement recommends that an automated service be setup that requests the data and passes it directly into the filtering service the member is using.

 

The IWF considered a number of methods for delivery of the data and subsequent capture by the member, but because of the diverse filtering options that are available, it was decided to provide the data in its simplest forms, .csv file format and “plain text”.

 

The IWF could adopt a more security led approach whereby a more secure method is agreed and that all licensees had to adhere to that method.

 

The IWF is currently considering two potential options to maximise security.

 

1)                 The use of cryptography to maintain the data in a form that is unreadable from when it is requested from the IWF through to when it is placed in the filtering solution.

2)                 The use of Digital Rights Management as a method of ensuring that only the specific people or machines can access the data and then limit the actual use of that data. Ie only allow the file to be opened once.

 

Both of these are require a lot more investigation, but at the moment, the crypto solutions is looking increasingly unlikely, without enforcing the need for a specific single solution that all licensees must adopt, which may be prohibitive to some due to increased costs.

 

A further option could be for the IWF to provide a separate Server that contains the unique software for each specific service that enables the CAI list to be encrypted in those services. The licensee would then query the separate server as required to obtain their own unique code. Such a service will require further investigation.

 

We are always open to suggestions from our members who employ some of the brightest people in the UK. We welcome their input into possible options that will assist in maintaining the security of the data.

 

The working group met on Thursday 25^th November. A copy of the minutes from that meeting were circulated along with legal advice regarding potential anti-competitive practices.  The recommendations from the group were as follows:

supported, subject to clear definition of who is a member and strict criteria to veto unsuitable organisations

The Working Group defined commercial use as:

supported, subject to the definition of commercial use (agreed above) and the legal advice on whether anti-competitive. The legal advice supported our belief that anti-competitive practices could be levied against us if we limited the availability of the service to members only, albeit an unlikely event.

supported

 

supported, subject to opt out by law enforcement and relevant and authorised bodies under section 46 of SOA.

 

supported, and only an issue when a company makes commercial use of the database

 

supported, see conclusion on sub-licensing above 

Supported – see Corporate plan 2005-07

 

supported subject to provisos above on international aspects.

 

supported

supported

 

 

The Working Group now asks the Board and Funding Council to support the recommendations as laid out in this document.