ISPs are pressed to become child porn cops

Duane Hoffmann /
/ Source:

New technologies and changes in U.S. law are adding to pressures to turn Internet service providers into cops examining all Internet traffic for child pornography.

One new tool, being marketed in the U.S. by an Australian company, offers to check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.

The company caught the attention of New York's attorney general, who has been pressing Internet companies to block child porn. He forwarded the proposal to one of those companies, AOL, for discussion by an industry task force that is looking for ways to fight child porn. A copy of the company's proposal was also obtained by

Privacy advocates are raising objections to such tools, saying that monitoring all traffic would be an unconstitutional invasion. They say companies can't start watching every customer's activity, and blocking files thought to be illegal, even when the goal is as noble as protecting children.

But such monitoring just became easier with a law approved unanimously by the Congress and signed on Monday by President Bush. A section of that law written by Republican presidential candidate Sen. John McCain gives Internet service providers access to lists of child porn files, which previously had been closely held by law enforcement agencies and the National Center for Missing and Exploited Children. Although the law says it doesn't require any monitoring, it doesn't forbid it either. And the law ratchets up the pressure, making it a felony for ISPs to fail to report any "actual knowledge" of child pornography.

That actual knowledge could be handed to the Internet companies by technologies like the one proposed by the Australian company, Brilliant Digital Entertainment Ltd. Known as CopyRouter, the software would let ISPs compare computer files — movies, photographs and documents — against those lists. Banned files would be blocked, and the requestor would receive a substitute file provided by law enforcement, such as a warning message: "The material you have attempted to access has been identified as child pornography." The attempt to send or receive the file could then be reported to law enforcement, along with the Internet Protocol address of the requestor.

The CopyRouter relies on a controversial new technology called "deep packet inspection," which allows Internet companies to analyze in real time the river of data flowing through their networks. The pipeline would know what was passing through it. You can read more about this technology in Bob Sullivan's

Child porn foes give proposal to AOL
from Brilliant Digital Entertainment describing the technology was passed on to AOL last month by two powerful forces in the fight against child porn: the office of New York Attorney General Andrew M. Cuomo, who has been calling out ISPs that won't agree to block sites with illegal images, and Ernest E. Allen, the president and CEO of the National Center for Missing and Exploited Children, a nonprofit given by Congress a central role in the fight.

When inquired about the proposal, both Cuomo's office and Allen said they were not promoting the technology, merely passing it along to a committee of Internet service providers and software companies as part of "brainstorming" on new technologies to detect illegal images.  

One of the leading experts on electronic privacy in the U.S. says the proposal would clearly run afoul of the U.S. Constitution, essentially setting up a wiretap without obtaining permission from a judge.

"This would be plainly illegal in the United States, whether or not a governmental official imposed this on an ISP or the ISP did this voluntarily,"  John Morris of the Center for Democracy and Technology said after viewing Brilliant Digital's slide show. "If I were the general counsel of an ISP, I wouldn't touch this with a 10-foot pole."

A spokesman for Brilliant Digital Entertainment disputed that, saying the technology would be "non-invasive," would not compromise privacy, would be legal in the U.S. and elsewhere, and most important, would curtail the global proliferation of child pornography.

"I don't think it takes many voices before the Internet industry separates out those who are prepared to build a business on the trafficking of child sexual exploitation," said Michael Speck, Brilliant Digital's commercial manager in charge of law enforcement products. "If boxes started turning up with Pablo Escobar's special-delivery cocaine inside, they'd stop it, they'd do something about it."

How it would work
Here's how CopyRouter would work, according to the company's slide show:

  • A law enforcement agency would make available a list of files known to contain child pornography. Such files are commonly discovered in law enforcement raids, in undercover operations and in Internet searches that start with certain keywords (such as "pre-teens hard core"). Police officers have looked at those files, making a judgment that the children are clearly under age and that the files are illegal in their jurisdiction, before adding them to the list. Each digital file has a unique digital signature, called a hash value, that can be recognized no matter what the file is named, and without having to open the file again. The company calls this list of hash values its Global File Registry.
  • Whenever an Internet user searched the Web, attached a file to an e-mail or examined a menu of files using file-sharing software on a peer-to-peer network, the software would compare the hash values of those files against the file registry. It wouldn't be "reading" the content of the files — it couldn't tell a love note from a recipe — but it would determine whether a file is digitally identical to one on the child-porn list.
  • If there were no match, the file would be provided to the user who requested it. But if there were a match, transmission of the file would be blocked. The users would instead receive another image or movie or document, containing only a warning screen.

Can software fool encryption schemes?
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file. The slide show calls this "special handling." This is done by changing the underlying protocol settings that establish how the sender and recipient exchange the file. This trickery, unknown to either the sender or recipient, would make it possible for CopyRouter to see the underlying files, calculate a hash value and compare the files to the list of illegal files, Brilliant Digital says.

A photo of the company's first test machine can be found online, in the online photos of the company's systems architect, Norberto "Beto" Meijome, author of the PowerPoint presentation.  Meijome's portfolio of online photos on Flickr includes photos of his Cisco SCE router on the day he unpacked and installed it, Sept. 11, 2007. He labels the SCE router "the new toy."

Brilliant Digital Entertainment has a complicated past. Its subsidiary, Altnet, made news in 2002, when its software shipped with the Kazaa file swapping software, then heir to Napster’s throne as the favored way for file swappers to illicitly trade music. Altnet's program was designed to use unused bandwidth and processing power of Kazaa users for such uses as paid advertising and promotions for commercial products. The company claimed that this activity only occurred if the customer allowed it, but some antivirus firms labeled the software as spyware. Later, Altnet was sued by the recording industry for its role in helping spread the popularity of Kazaa.

After settling a lawsuit with the music industry, Brilliant Digital decided to approach file sharing from a new direction, selling products designed to help copyright holders protect their intellectual property. It now describes itself as a "significant online provider of licensed film and music content."

Seeking allies to move the new product to market
Now the company wants to expand into a new product line: fighting child porn.

"We have been working on it for some time," Speck said in a telephone interview from Australia.

"We've been in negotiations with ISPs and law enforcement agencies and content owners." Speck said he previously led the anti-piracy organization of the Australian sound recording industry.

Now he's lining up meetings in the U.S. next month with Internet providers and the National Center for Missing and Exploited Children.

In advance of his trip to the U.S., Speck spoke with the staff of Andrew Cuomo, whose New York attorney general's office has been pressuring Internet service providers to fight child porn. In June, Cuomo announced he was investigating ISPs, using a modern version of the public stocks to encourage cooperation. He set up a listing Internet providers around the nation that made the changes he demanded, as well as "ISPs that have failed to make the same commitment to stop child porn." Cuomo, who was recently cited by McCain as one Democrat he would like to appoint to federal office, has urged Internet service providers to block access to child porn news groups and "purge their servers of child porn Web sites."

**FILE** In this June 11, 2008 file photo, New York Attorney General Andrew Cuomo, right, speaks at a news conference in Albany, N.Y. Citigroup Inc. will buy back more than $7 billion in auction-rate securities and pay $100 million in fines as part of settlements with federal and state regulators announced Thursday. (AP Photo/Mike Groll, file)Mike Groll / AP

Speck had a conference call in September with Cuomo's staff, which he said gave him a blunt description of the legal and privacy landscape in the U.S.

"We'd be grateful for any assistance in getting this to the relevant ISPs and law enforcement agencies, and making any adjustments necessary," Speck said, recounting the conversation with Cuomo's staff. "It was made very clear that, for this to be a viable law enforcement tool, this would have to operate within the legislative framework within the country."

After talking with Speck, Cuomo's office passed the proposal on to John D. Ryan, AOL's senior vice president, deputy general counsel and head of its public safety and criminal investigations unit. Ryan received the slide show on Sept. 18, the day before attorneys from Cuomo's office arrived at AOL's headquarters in Virginia to discuss new technologies to fight child porn. Both Cuomo's office and AOL said that the CopyRouter was not discussed explicitly during what was described as a brainstorming session.

‘We have nothing to do with this technology’"We have not pressured anyone to use this technology," said a Cuomo spokesman, Matthew Glazer. "We have nothing to do with this technology."

At the same time, AOL's Ryan received a copy of the slide show from the National Center for Missing and Exploited Children. Known as NCMEC, this private nonprofit organization has an increasing role in the law enforcement effort against child porn, and receives more than $35 million in taxpayer funds each year. NCMEC and Cuomo's office have worked together this year on the child-porn fight, holding a joint press conference to announce Cuomo's Web site.

Ryan also has close ties to NCMEC, serving as a member of the board of directors and as leader of its industry Technology Coalition on child porn. Members of that group also include Yahoo, Microsoft, Google and others. ( is a joint venture of Microsoft and NBC Universal.)

AOL officials said they did not feel pressured by Cuomo or NCMEC to adopt any particular technology, adding that the company has a long history of fighting child porn on its own initiative. "The relationship with the attorney general is positive and partnering," Ryan said.

AOL's has a system of its own
AOL officials told that they already examine some files for child porn, block access to those files, and provide evidence to law enforcement. That system (called image detection filtering protocol) apparently is based on the same general principle as CopyRouter, comparing the hash values of files to a known list. But there are significant differences between the two approaches.

AOL checks files uploaded as attachments to e-mail against a list of files that AOL has identified as child porn. If the file matches one on its list, the sender is led to believe that the file has been sent, but it has not. AOL's methods have been shared with other Internet service providers.

But AOL officials said a device like the CopyRouter would be more extensive and more efficient for two reasons: AOL checks only e-mail attachments, not Web searches or other Internet traffic, and its home-grown list of banned files is much shorter than the lists compiled by law enforcement and NCMEC.

"The library of hash values that AOL has, has been derived over time, completely in house from reports from users and files we've stumbled upon," said Christopher G. Bubb, an AOL assistant general counsel in the public safety and criminal investigations unit. "So it's not a government list. Courts have likened it to citizen provided information."

Government role would be problematic That distinction is important. Internet service providers could be considered agents of law enforcement if they began comparing files to a list provided by the police and intercepting traffic by substituting a legal file for an illegal one. The Fourth Amendment to the U.S. Constitution forbids unreasonable search and seizure by the government. Courts have held that Internet service providers are within their rights to examine the traffic that flows through their pipeline — as they must do, for example, to combat spam — because the scrutiny is being done by a company, not the government.

Although they said they could not pass judgment on software proposed by any vendor, the AOL officials suggested that Brilliant Digital's proposal might not work in the U.S., at least not without Congress providing ISPs more legal cover.

""Keep in mind that this is developed in a totally different cultural and legal regime. The Australian legal system is quite different from an American legal system," said Ryan, the AOL executive. "It would raise concerns. ... Would we be deemed an agent of the government?"

‘Not an intelligence-gathering tool’
Speck, the Brilliant Digital official, argued that CopyRouter would not put ISPs in a law enforcement role because the list of banned files would be managed by the law enforcement agency, not handed over to the private companies. CopyRouter would consult that list, but at arm's length from the companies.

"The responsibility is shifted to law enforcement," Speck said. "We've delivered to Internet service providers something they've called for. ... This is not an intelligence-gathering tool. This is not for developing a list of users. This is an extension of what routers already do."

But wouldn't the Internet service provider know which traffic CopyRouter had blocked, and which user had sent or attempted to download it? No, Speck said, because his company's product would be a neutral middleman, not sharing information with the ISP or law enforcement.

"All hashes are provided to Global File Registry, which manages a secure data base and communications channel between law enforcement agencies and the ISP such that the illicit file hashes targeted by law enforcement remain private and secure to the relevant law enforcement agency," he said in an e-mail after the interview. "There is no personal (sender/receiver) information identified, and privacy is maintained."

, however, does describe information on users being passed directly to law enforcement. Any files that matched the child porn list would be reported to a "law enforcement data collector," along with IP addresses identifying the user's computer. The slide show says, "Any hits here will generate a 'red' report, which will be routed to the police collector server ONLY. These reports contain full IP information."

Although Brilliant Digital says no law enforcement agency has signed on to the CopyRouter plan, that hasn't kept the company from including a familiar blue seal in its slide show. At each point when a law enforcement computer is depicted, it bears a mark that closely resembles the FBI logo. Only when the logo is magnified can one see that it says "Friendly Bus Investigator" rather than "Federal Bureau of Investigation." The FBI hasn't signed on to the plan, Speck said, and the logo was not meant to imply any endorsement.

The FBI met a hailstorm of criticism in 2000 when the existence of its Carnivore project was revealed. The packet-sniffing technology was used to monitor and log traffic when installed at an Internet service provider. The FBI by 2005 had stopped using the technology, in favor of commercial tools.

New law may take law enforcement out of the loop Under the new U.S. law, a system like CopyRouter might not require involvement of law enforcement. The McCain portion of the new child-porn law allows such a system to be set up by the Internet service providers, because it gives them access to those lists of illegal files.

The key player in that transfer is the National Center for Missing and Exploited Children. Although it's a nonprofit organization, NCMEC has increasingly taken on law enforcement roles, with Congress requiring that complaints of child pornography be sent to its CyberTipline. Since 1998, NCMEC says, it has received more than 300,000 reports from ISPs. And it gives them a daily list of Internet addresses that appear to host child porn, so the companies can choose to block those Web pages.

The new law authorizes NCMEC to go further, handing to Internet service providers the list of files judged to be child porn. Law enforcement agencies give those hash values to NCMEC, which will be allowed (but not required) to give them to the ISPs. That cooperation would allow the ISPs to use CopyRouter or their own home-grown solutions, without including cops in the loop directly.

That provision was part of the , a bill introduced by Sen. McCain and Democratic Sen. Chuck Schumer of New York. A McCain aide called the bill a "NCMEC wish list." The SAFE Act also made it a felony for ISPs to fail to report child porn, if they discover it, with penalties up to $300,000 for each instance.

DAVENPORT, IA - OCTOBER 11: Republican presidential candidate Sen. John McCain (R-AZ) speaks to supporters at a campaign rally October 11, 2008 in Davenport, Iowa. McCain spoke to about 1,000 people at the rally. (Photo by Steve Pope/Getty Images)Steve Pope / Getty Images North America

McCain's bill got caught in a tug-of-war with written by another player in the presidential election, Sen. Joe Biden, the Democratic vice presidential candidate. Biden's solution leaned more toward law enforcement, giving more money to the Justice Department and state Internet Crimes Against Children task forces, which investigate child pornography.

With NCMEC lined up behind McCain's bill, and other child protection activists (and Oprah Winfrey) pushing for Biden's bill, Congress finally passed them both: McCain bill was folded into the Biden bill, which passed the House and Senate without objection. Republicans were able to cut the spending in the Biden bill, down to $300 million.

With the new law in place, NCMEC has a plan for ISPs to use their new access to the hash values.

"We believe that there needs to be more proactive, voluntary methods to identify illegal child pornography content that bring it to their attention," said Allen, the NCMEC president. "We are working with leading ISPs to do that."

He said NCMEC's Hash Sharing System would share with Internet service providers information on only the " worst of the worst" images of child pornography. An image must depict a pre-pubescent child who has been identified by law enforcement. And it must depict  one of the following: "oral, vaginal or anal penetration and/or sexual contact involving a child whether it be genital, digital, or a foreign object; an animal involved in some form of sexual behavior with a child; or lewd or lascivious exhibition of the genitalia or anus. "

"Through this project, NCMEC is also working with the members of the Technology Coalition to test existing software and develop new technologies that will enable ISPs to identify apparent child pornography images by hash value and block them," Allen wrote in an e-mail.

Some ISPs willing to police copyright law
The idea of turning Internet service providers into cops has been opposed and embraced by different ISPs in a different realm — copyright protection. The recording and movie industries have pressed ISPs to monitor their customers to detect traffic copyright violations. AT&T has said it hopes to monitor for pirated content, and has been in discussions with content companies, including NBC Universal (co-owner of, which has pushed for such filtering. Microsoft (the other co-owner of has said it opposes filtering by ISPs.

ISPs also have run into public and government opposition just for slowing down, not blocking, some Internet traffic. The Federal Communications Commission ruled in August, on a 3-2 vote, that Comcast's limiting of BitTorrent traffic was illegal. Comcast said it was merely trying to keep the flood of peer-to-peer file sharing from slowing down the Internet for everyone else. As for CopyRouter, the company's manager said it would not slow down Internet traffic noticeably, because it's not inspecting the contents of files, merely comparing their hash values to a list, which can be done quickly.

Privacy advocates have already raised objections to deep-packet inspection. Earlier this year, a California company named NebuAd proposed a service that would observe Web surfers’ Internet habits through machines installed at ISPs, then inject context-sensitive advertising into the Web sites the consumers visited. It called the system "Behavioral Targeting." Public outcry and rumblings of an investigation from Congress led firms considering the technology to pull out.

Morris, of the Center for Democracy and Technology, said Brilliant Digital's plan constitutes an illegal wiretap, and would run afoul of the Electronic Communications Privacy Act. No firm can listen in on private communications unless it is instructed to do so by a law enforcement official with a proper court order, he said.

‘Enormous First Amendment problems’
Even then, no government agency — even a law enforcement agency or state attorney general's office — could impose a requirement to stop all files on a blacklist, or otherwise create a list of forbidden content, Morris said. Such a list would not pass constitutional muster.

"You can't declare speech, or images, illegal without judicial proceedings," Morris said. "... That creates enormous First Amendment problems. You can't have an agency or outside firm acting as judge and jury on these images."

Also, blocking images before they were delivered would constitute a prior restraint of communication, Morris said, violating the First Amendment right of free speech.

Other methods used to combat child porn — logging IP addresses of frequent senders and investigating them, by using a subpoena to force ISPs to reveal the name, and then knocking on the user's door — raise no such constitutional issues, Morris said. He compared that to a law enforcement official overhearing illegal speech in a public place and prosecuting a speaker. Brilliant Digital's scheme, he said, is more like picking up a telephone and listening in on private conversations.

"As horrible as child pornography is, and it is horrible, you still have to follow the Constitution," Morris said.

At NCMEC, Allen said the privacy interests are being heard. "We have been very sensitive to legitimate free speech and privacy-related concerns. That is one of the reasons we are focusing exclusively on pre-pubescent children and the most egregious images. That does not suggest that child pornography images involving 13-year-old children are acceptable or less serious, however, traditional law enforcement investigation and prosecution efforts are being used for those situations."

A different approach
Another child protection group has a different approach. The National Association to Protect Children, which advised Sen. Biden on his bill, said that blocking of files by Internet service providers could easily be seen by the public as "overreaching," making it harder to get public support for efforts of law enforcement. What's needed, said the group's executive director, Grier Weeks, is for cops to investigate the leads they already have.

"The Department of Justice and all 50 attorneys general are sitting on a mountain of evidence leading straight to the doors of child pornography traffickers," Weeks said. "We could rescue hundreds of thousands of child sexual assault victims tomorrow in America, without raising any constitutional issues whatsoever. But government simply won't spend the money to protect these children. Instead of arrests by the Federal Bureau of Investigation, the child exploitation industry now faces Internet pop-ups from the Friendly Bus Investigators. That was always the fundamental difference between the Biden bill and the McCain bill. Biden wanted to fund cops to rescue children. McCain wanted to outsource the job."

Sen. McCain's general counsel, Lee C. Dunn, said that he's happy that both the law enforcement and technology approaches became law, that his focus was on protecting children. She said the new law does not require any Internet provider to monitor traffic.

"They have the responsibility and their right to manage the network as they wish," Dunn said. "If AOL wants to monitor their network for child porn, some customers may go to them, because they'll keep them from getting this stuff showing up in their e-mail. Other companies may choose not to, and other people may prefer that. We're not dictating to them that they monitor their network."

Brilliant Digital Entertainment is betting that most internet companies will choose to monitor their customers. Michael Speck said his company's product pitches have been well received by law enforcement agencies, government officials and Internet service providers.

"I don't think there's anyone in the Internet space," Speck said, "who doesn't think fighting child sexual exploitation is good business."