CRIMINAL DEFENSE TECH TIDBIT – Challenging Historical Cell Site Analysis
October 23, 2024
CRIMINAL DEFENSE TECH TIDBIT – Challenging Historical Cell Site Analysis
October 23, 2024
Show all

CRIMINAL DEFENSE TECH TIDBIT – ELECTRONIC SERVICE PROVIDERS AND CHILD SEXUAL ABUSE MATERIAL

Cybertip Reports

Electronic Service Providers (ESPs) are required under 18 U.S. Code § 2258A to report suspected Child Sexual Abuse Material (CSAM) to the National Center for Missing and Exploited Children (NCMEC). NCMEC is a nonprofit organization funded by Congress. While ESPs are not mandated to actively search for CSAM, they may voluntarily choose to do so.

How ESPs Detect CSAM

ESPs employ several methods to identify and report suspected CSAM:

  1. Hash Matching: ESPs compare files on their networks with the FBI’s Innocent Images Database using hash values to identify matches.
  2. User Reports: Content flagged by users is reviewed and potentially reported.
  3. Artificial Intelligence and Moderation: AI tools identify potential CSAM, which is then reviewed by human moderators.

When ESPs identify suspected CSAM, they report it to NCMEC through the CyberTipline. Reports can be submitted manually via a form, through the NCMEC portal, or through automated electronic submissions.

CyberTipline Reports: Leads, Not Evidence

A CyberTipline report is an investigative lead—not direct evidence. Understanding the key sections of these reports is essential:

  1. Disclaimers:
    • NCMEC explicitly states, “NCMEC does not act in the capacity of or under the direction or control of the government or law enforcement agencies.” This raises questions about the extent to which law enforcement can influence or object to content stored at NCMEC.
    • NCMEC does not investigate or verify the accuracy of information submitted by ESPs.

These disclaimers underscore that CyberTipline reports are not official evidence and should not be treated as such.

  1. Did the Reporting ESP View the Entire Contents of the Uploaded File?
    This section clarifies whether the ESP actually reviewed the reported file, which is critical for establishing how the file description was generated.

This establishes whether or not the officer has looked at the files.

From CyberTipline Report to Law Enforcement

NCMEC forwards CyberTipline reports to Internet Crimes Against Children (ICAC) task forces in the state where the alleged offense occurred. This determination is based on IP address data and subscriber information provided in the report.

However, challenges arise in this process. Law enforcement often delays acting on CyberTipline reports. During this time, ESPs may delete the reported account and the associated data due to retention policies. As a result, ESPs are frequently unable to respond to discovery requests or validate the files they originally submitted. ESPs often warn law enforcement to issue warrants promptly to avoid data loss.

How Law Enforcement Obtains File Descriptions

Law enforcement search warrant applications include descriptions of the suspected CSAM files. These descriptions may come from one of two sources:

  1. The officer personally reviewed the files downloaded from NCMEC and documented their contents.
  2. The description was sourced from a government database that associates file hashes with predefined descriptions.

In some cases, officers do not view the files themselves and instead rely solely on the hash-based descriptions.

The Importance of Discovery in CSAM Cases

To verify how evidence was handled and ensure due process, defense teams should focus on discovery. Key items to request include:

  • A list of all files sent from NCMEC to law enforcement.
  • The full investigative file maintained by NCMEC.
  • Hash database entries with file descriptions.
  • Deconfliction Reports
  • Redacted Forensics Reports
  • Communication with NGO’s
  • Prior Cybertips
  • Business Record Certifications
  • Electronic Service Provider Logs
  • *There are hundreds more depending on type of case*

Understanding these processes is essential for ensuring that investigative practices align with legal standards and for identifying potential weaknesses in the handling of CSAM evidence.

In 2024 Garrett Discovery (NACDL Affinity Partner) Digital Forensic experts performed work on 240 sex crime cases. Pay attention to their LinkedIn page as they post weekly, their acquittal’s or dismissed cases.  Call the experts at Garrett Discovery for a free consultation and winning strategy at 888.822.5077