The Canadian Centre for Child Protection (CCCP) is an important player on the global stage in helping to stop child exploitation. They engage in several activities to help identify and remove exploitive materials but also have tools that can help organizations find and remove content that makes its way on to their networks. While all organizations care about not storing illegal content on their servers, this is particularly important for public organizations that support non-employee users or for those that host user-generated content – both are situations where the risk is higher.
CIRA is particularly interested in the CCCP because we incorporate their feed of websites that contain exploitative content into our CIRA DNS Firewall service as an option for organizations to turn on and add this type of content to their blocklists.
We had Lloyd Richardson, Director of Technology at the CCCP deliver a webinar and wanted to share some of the details here.
Who is the Canadian Center for Child Protection?
The CCCP operates a number of programs with cybertip.ca being the primary one. This is a hotline for reporting online exploitive content. They run a missing kids program, they distribute information to schools in Canada and internationally, and they produce policy content for organizations that deal with kids.
What are the core functions of the organization as it relates to online content detection and removal?
The organization operates a toolset for helping to find and remove child sexually exploitive material (CSAM). They use a technology that compares images and video frames found online with known exploitive content. This is smart enough to detect even images that are similar but modified. This is then reviewed by an analyst to review and classified. The system then automatically issues a notice and takedown message. This system is aided by maintaining a survivor database so they can more accurately classify content. It also provides tools for law enforcement investigating and prosecuting crimes. And finally, the focus of the webinar is the tools they make available for industry via API – called Project Arachnid.
What does Project Arachnid do?
The first step is a tool that crawls across the internet looking for illegal material. As source material, they use the historical database and content that is pulled from known places where this content is traded. Once it finds the content it automatically notifies the provider such as a hosting company or other company that is unwittingly hosting it. These are organizations that are unwittingly used by those seeking to engage in this type of illegal activity.
What and where do they issue takedown notices?
Takedown notices are sent globally and with messaging relevant to the laws in the country. Notices also can vary between those that are clearly pre-adolescent and those that may have been victims of crime and want their images taken down. As it relates to adolescent images they also issue takedown notices – an area where it can be more challenging if there is a dispute.
What has it done since inception?
Since 2017, it has analyzed 2.9 billion URLs and 127 billion images and sent 7 million notices to providers around the world.
How can industry jump on board and use Project Arachnid?
CIRA incorporates the project’s feed into the CIRA DNS Firewall, so licensing that as a cybersecurity layer for your organization has that added benefit. That said, the core function is malware and phishing protection, so blocking the content is a step in helping to combat the problem.
From a global mindset, filtering isn’t the total solution and removal is most desirable. For those looking to ensure they aren’t having their servers unwittingly used to distribute illegal content, Project Arachnid provides the ability to scan media to avoid it being uploaded. It is a bit like treating the content that people upload to your servers like a virus that you scan before allowing it. For those with servers hosting user-generated content, it is an important way to help stop child exploitation.
To view the webinar recordingand access other videos related to CIRA’s cybersecurity services.
Visit Project Arachnid to learn more about how to use it.
Rob brings over 20 years of experience in the technology industry writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. An avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.
