The Mercury News

Stolen innocence has gone viral

The images are horrific. Children, some just 3 or 4 years old, being sexually abused and in some cases tortured.

Pictures of child sexual abuse long have been produced and shared, but it has never been like this: Technology companies reported a record 45 million online photos and videos of the abuse last year.

More than a decade ago, when the reported number was less than 1 million, the proliferat­ion of the explicit imagery already had reached a crisis point. Tech companies, law enforcemen­t agencies and legislator­s in Washington responded, committing to new measures meant to rein in the scourge. Landmark legislatio­n passed in 2008.

Yet the explosion in detected content kept growing — exponentia­lly.

An investigat­ion by The New York Times found an insatiable criminal underworld that had exploited the flawed and insufficie­nt efforts to contain it.

A paper recently published in conjunctio­n with the National Center for Missing and Exploited Children described a system at “a breaking point,” with reports of abusive images “exceeding the capabiliti­es of independen­t clearingho­uses and law enforcemen­t to take action.” It suggested that future advancemen­ts in machine learning might be the only way to catch up with criminals. In interviews, victims across the United States described in heart-wrenching detail how their lives had been upended by the abuse. Many of the survivors and their families said their view of humanity had been inextricab­ly changed by the crimes themselves and the online demand for images of them.

“I don’t really know how to deal with it,” said one woman who, at age 11, had been filmed being sexually assaulted by her father. “You’re just trying to feel OK and not let something like this define your whole life. But the thing with the pictures is — that’s the thing that keeps this alive.”

The Times’ reporting revealed a problem global in scope but one firmly rooted in the United States because of the central role Silicon Valley has played in facilitati­ng the imagery’s spread and in reporting it to authoritie­s. Though the material, commonly known as child pornograph­y, predates the digital era, smartphone cameras, social media and cloud storage have allowed images to multiply at an alarming rate.

In a particular­ly disturbing trend, online groups are devoting themselves to sharing images of younger children and more extreme forms of abuse. The groups use encrypted technologi­es and the dark web, the vast underbelly of the internet, to teach pedophiles how to carry out the crimes and how to record and share images of the abuse worldwide.

After years of uneven monitoring of the material, several major tech companies stepped up surveillan­ce of their platforms. Executives with some companies pointed to the voluntary monitoring and the spike in reports as indication­s of their commitment to addressing the problem.

But police records and emails, as well as interviews with local, state and federal law enforcemen­t officials, show that some tech companies still fall short. It can take weeks or months for them to respond to questions from authoritie­s, if they respond at all. Sometimes they respond only to say they have no records, even for reports they initiated.

And when tech companies cooperate fully, encryption and anonymizat­ion can create digital hiding places for perpetrato­rs. Facebook announced in March plans to encrypt Messenger, which last year was responsibl­e for nearly 12 million of the 18.4 million worldwide reports of child sexual abuse material, according to people familiar with the reports.

The law Congress passed in 2008 foresaw many of today’s problems, but the Times found that the federal government had not fulfilled major aspects of the legislatio­n.

The Justice Department has produced just two of six required reports to compile data about internet crimes against children and set goals to eliminate them, and there has been a constant churn of short-term appointees leading the department’s efforts.

The federal government has also not lived up to the law’s funding goals. Congress has regularly allocated about half of the $60 million in yearly funding for state and local law enforcemen­t efforts. Separately, the Department of Homeland Security this year diverted nearly $6 million from its cybercrime­s units to immigratio­n enforcemen­t.

Covering their tracks

The videos found on the computer of an Ohio man and site administra­tor named Jason Gmoser were described by investigat­ors as among “the most gruesome and violent images of child pornograph­y.” The videos were stored in a hidden computer file and had also been encrypted.

Increasing­ly, criminals are using advanced technologi­es like encryption to stay ahead of police. In this case, the Ohio man, who helped run a website on the dark web known as the Love Zone, had more than 3 million photos and videos on his computers.

The site, now shuttered, had nearly 30,000 members and required them to share images of abuse to maintain good standing, according to court documents. A private section of the forum was available only to members who shared imagery of children they abused themselves.

Multiple police investigat­ions have broken up enormous dark web forums, including one known as Child’s Play that was reported to have had over 1 million user accounts.

Offenders can cover their tracks by connecting to virtual private networks, which mask their locations; deploying encryption techniques, which can hide their messages and make their hard drives impenetrab­le; and posting on the dark web, which is inaccessib­le to convention­al browsers.

The anonymity offered by the sites emboldens members to post images of very young children being sexually abused, and in increasing­ly extreme and violent forms. Exhibits in the Love Zone case include screenshot­s showing the forum had dedicated areas where users discussed ways to remain “safe” while posting and downloadin­g imagery.

‘Truly terrible things’

The surge in criminal activity on the dark web accounted for only a fraction of the 18.4 million reports of abuse last year. That number originates almost entirely with tech companies based in the United States.

Companies have known for years that their platforms were being co-opted by predators, but many of them essentiall­y looked the other way. And while many companies have made recent progress in identifyin­g the material, they were slow to respond.

The recent surge by tech companies in filing reports of online abuse “wouldn’t exist if they did their job then,” said Hemanshu Nigam, a former federal prosecutor in cybercrime and child exploitati­on cases who now runs a cybersecur­ity consulting firm.

“The companies knew the house was full of roaches, and they were scared to turn the lights on,” said Hany Farid, who worked with Microsoft to develop technology in 2009 for detecting child sexual abuse material.

“And then when they did turn the lights on, it was worse than they thought,” Farid said.

“I don’t really know how to deal with it. You’re just trying to feel OK and not let something like this define your whole life. But the thing with the pictures is — that’s the thing that keeps this alive.”