To support MIT Technology Review’s journalism, please consider becoming a subscriber.
Besides “bad press” there isn’t much punishment for platforms that fail to remove CSAM quickly, says Lloyd Richardson, director of technology at the Canadian Center for Child Protection. “I think you’d be hard pressed to find a country that’s levied a fine against an electronic service provider for slow or non-removal of CSAM,” he says.
The volume of CSAM increased dramatically across the globe during the pandemic as both children and predators alike spent more time online than ever before. Child protection experts, including anti-child trafficking organization Thorn, and INHOPE, a global network of 50 CSAM hotlines, predict the problem will only continue to grow.
So what can be done to tackle it? The Netherlands may provide some pointers. The country still has a significant CSAM problem, partly thanks to its national infrastructure, geographic location, and its status as an internet hub for global traffic. However, it’s managed to make some major progress. It’s gone from hosting 41% of global CSAM at the end of 2021 to 13% by the end of March 2022, according to the IWF.
Much of that can be traced to the fact that when a new government came to power in the Netherlands in 2017, it made tackling CSAM a priority. In 2020 it published a report that named and shamed internet hosting providers that failed to remove CSAM within 24 hours of being alerted to its presence.
It appeared to have worked—at least in the short term. The Dutch CSAM hotline EOKM found that providers were more willing to take down material quickly and to adopt proactive CSAM detection measures, such as committing to removing CSAM within 24 hours of its discovery, in the wake of the list’s publication.
However, Arda Gerkens, chief executive of EOKM, believes that rather than eradicating the problem, the Netherlands has merely pushed it elsewhere. “It looks like a successful model, because the Netherlands has cleaned up. But it hasn’t gone—it’s moved. And that worries me,” she says.
The solution, child protection experts argue, will come in the form of legislation. Congress is currently considering a new law called the EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) Act, that, if passed, would make open services up to being sued for hosting CSAM on their networks, and could force service providers to scan user data for CSAM.
Privacy and human rights advocates are fiercely opposed to the act, arguing that it threatens free speech and could usher in a ban on end-to-end encryption and other privacy protections. But the flipside to that argument, says Shehan, is that tech companies are currently prioritizing the privacy of those distributing CSAM on their platforms over the privacy of those victimized by it.
Even if the lawmakers fail to pass the EARN IT Act, forthcoming legislation in the UK promises to hold tech platforms responsible for illegal content, including CSAM. The UK’s Online Safety Bill and Europe’s Digital Services Act could result in tech giants being hit with multi-billion dollar fines if they fail to adequately tackle illegal content when the law comes into force.
The new laws will apply to social media networks, search engines and video platforms that operate in either the UK or Europe, meaning that companies based in the US, such as Facebook, Apple, and Google, will have to abide by them to continue operating in the UK. “There’s a whole lot of global movement around this,” says Shehan. “It will have a ripple effect all around the world,” says Shelan.
“I would rather we didn’t have to legislate,” says Farid. “But we’ve been waiting 20 years for them to find a moral compass. And this is the last resort.”