EUROPOL HEADQUARTERS, THE HAGUE — “Please knock. Do not enter,” said the sign on the door of Europe’s heavily-secured law enforcement headquarters in the Netherlands.
Inside, detectives were staring at their computers, examining a video of a newborn girl being molested.
A group of international detectives was trying to identify details — a toy, a clothing label, a sound — that would allow them to rescue the girl and arrest those who sexually abused her, recorded it and then shared it on the internet.
Even a tiny hint could help track down the country where the baby girl was assaulted, allowing the case to be transferred to the right police authority for further investigation. Such details matter when police are trying to tackle crimes carried out behind closed doors but disseminated online across the world.
Finding and stopping child sex offenders is gruesome and frustrating most of the time — yet hugely rewarding sometimes — police officers part of the international task force at the EU agency Europol told POLITICO.
Offenders are getting better at covering their digital tracks and law enforcement officials say they don’t have the tools they need to keep up. The increasing use of encrypted communication online makes investigators’ work harder, especially as a pandemic that kept people at home and online ramped up a flood of abuse images and videos.
In 2022, social media giant Meta Platforms found and reported 26 million images on Facebook and Instagram. Teenagers’ favorite apps Snapchat and TikTok respectively filed over 550,000 and nearly 290,000 reports to the U.S. National Center for Missing and Exploited Children, an organization acting as a clearing house under U.S. law for child sexual abuse material (CSAM) content that technology firms detect and spot.
The European Commission in December also ordered Meta to explain what it was doing to fight the spread of illegal sexual images taken by minors themselves and shared through Instagram, under the EU’s new content-moderation rulebook, the Digital Services Act (DSA).
Politicians across the world are keen to act. In the European Union and the United Kingdom, legislators have drafted laws to dig up more illegal content and extend law enforcement’s powers to crack down on child sexual abuse material.
But those efforts have ignited a fierce public debate on what takes precedence: granting police new abilities to go after offenders or preserving privacy and protections against states’ and digital platforms’ mass online surveillance.
The scale of the problem
The Europol task force has met twice a year since 2014 to accelerate investigations to identify victims, most recently in November. It has almost tripled in size to 33 investigators representing 26 countries including Germany, Australia and the United States.
“You might recognize things that are in the images or you might recognize the sounds in the background or the voices. If you do that together with multiple nationalities in one room, it can be really effective,” said Marijn Schuurbiers, head of operations at Europol’s European Cybercrime Centre (EC3).
Still, too often detectives feel like they’re swimming against the tide, as the amount of child sexual abuse material circulating online surges.
Europol created a database in 2016 and this system now holds 85 million unique photos and videos of children, many found on pedophile forums on the “dark web” — the part of the internet that isn’t publicly searchable and requires special software to browse.
“We can work hours and hours on end and we’re still scratching the surface. It’s terrifying,” said Mary, a national police officer from a non-EU country with 17 years of experience. She requested not to use her last name to protect her identity while doing investigative work.
The task force in November went through 432 files, each containing tens of thousands of images, and found the most likely country for 285 of the children abused in the images. Police believe it likely identified 74 of the victims, three of whom were rescued by the time of publication. Two offenders were arrested.
“We have some successes. But all I can see is those we can’t help,” Mary said.
Many Western agencies outside of the U.S. are restricted by privacy provisions in the software they use like facial recognition tools. They often have to make do with a mix of manual analysis and freely accessible tools they can get from the internet.
“If you have like thousands or hundreds of thousands or even millions of pictures, it’s basically impossible to go manually through them, one by one,” said Schuurbiers.
Since 2017, the agency has regularly been asking for public help to identify objects in images like plastic bags and a logo on a school uniform. Europol said it has gotten 27,000 tips from internet sleuths including investigative outlet Bellingcat, some of which led to 23 kids being identified and five offenders being prosecuted.
Groups on the “dark web” remain the principal place where offenders share illegal content, according to Europol.
But police and child protection hotlines are seeing a growing number of images cropping up on popular and accessible platforms like Facebook, Instagram, Snapchat and Instagram. The pandemic made this worse as more children and teenagers also joined social media and gaming websites where offenders got better at grooming victims and blackmailing them into making sexual content.
Law enforcement agencies around the world have also sounded the alarm that offenders are also connecting with minors and exchanging illegal content on encrypted messaging apps like WhatsApp, Signal and iMessage, making it extremely challenging to find the content. WhatsApp, for instance, scans the photos and descriptions users but is unable to monitor their highly secure messages.
Finding more child sexual abuse material
The crisis of child sexual abuse material proliferating online has got governments pushing through sweeping new legislation to make it possible for law enforcement to investigate more online material and use artificial intelligence tools to help them.
The European Commission has proposed a law that could force tech companies like Meta, Apple and Google to scan messages and content stored in the cloud for images of abuse — and even for conversations of offenders seeking to manipulate minors upon a judge’s order. The companies would have to report the content, so it could end up with Europol or other national investigators, and then remove it.
The United Kingdom recently passed the Online Safety Act, which some legal experts say would allow the country’s platform regulator Ofcom to force companies to break encryption to find sexual abuse. Government and Ofcom officials have said companies would not currently be forced to monitor content because tools to bypass encryption and also preserve privacy do not exist at the moment.
Both plans have sparked widespread backlash among digital rights activists, tech experts and some lawyers. They fear the laws effectively force tech firms to ditch encryption, and that indiscriminate scanning will lead to mass surveillance.
Negotiations on the EU draft law remain on thin ice, with politicians and member countries clashing over how far to go in hunting down potential illegal child abuse. And Brussels also finalized in December a new law, the Artificial Intelligence Act, governing how law enforcement will be able to use AI tools like facial recognition software to go through footage and images.
Still, EU lawmakers have already significantly expanded Europol’s powers to build new artificial intelligence tools and handle more data. Under the Digital Services Act, Europol and national police will also be able to swiftly compel tech companies to remove publicly accessible illegal content and hand over information about users posting such images.
Anne, a Europol investigator, said she doesn’t keep count of the number of kids she’s identified in her 12 years working in the field — but she remembers them. She requested not to use her last name to protect her investigative work.
“The thing that I will always remember from my cases is the images,” she said. “They stay in my head.”
