______2018/TEL58/LSG/IR/005 Session: 2

Microsoft Digital Crimes Unit

Submitted by:

Roundtable on Best Practice for Enhancing Citizens’ Digital Literacy Taipei, Chinese Taipei 1 October 2018

1 in 5 girls

will be sexually abused 1 in 10 boys

500 images of sexually abused children will be traded online approximately every 60 seconds. www.microsoft.com/photodna

PhotoDNA Cloud Service: An intelligent solution for combatting Child Sexual Abuse Material (CSAM) in the Enterprise

Secure Efficient Interoperability Images are instantly converted Reduce the cost Integrate via REST API on any to secure hashes and cannot be and increase the speed of platform or environment. recreated. Images are never detecting and reporting child retained by Microsoft. sexual exploitation images.

Reporting: For U.S.‐based customers, the PhotoDNA Cloud Service provides an API to submit reports to the National Center for Missing and Exploited Children. Internationally based customers will need to determine how to submit reports on their own. Microsoft does not provide advice or counsel related to these legal requirements or obligations.

Visit www.Microsoft.com/photodna webpage and select “Apply” 8250753738743…

3425594688810… Identify images to 9381614543396… verify 7970619785740…

Compute PhotoDNA Hashes 6355281102230… 1018650324653… for all images 6913585438775… 9469898399124… 8435970367851… 9092468906255…

Compare to hashes in the database Takes care of most of the necessary functions

8253738743… Allows you to integrate quickly 3424688810… 9384543396… 7979785740…

6355281130… 1010324653… 6913585435… 9468399124… Compute 8435977851… 2468906255… PhotoDNA Hashes for all images Compare

Identify images to verify • United States: “Sound Practices Guide – to fight child sexual exploitation online”. www.wearethorn.org www.missingkids.com • International: “Best Practices to Help File Hosting and File Sharing Companies Fight the Distribution of Child Sexual Exploitation Content.” www.ICMEC.org • Service Providers http://technologycoalition.org/ • INHOPE • Internet Watch Foundation

Photo Sharing Example

The ultimate goal is to prevent photo and video sharing sites from hosting child sexual abuse material and other exploitative content, but this content still manages to find its way onto these services.

The Problem The Solution The Results

Company A, an international site PhotoDNA has made this process In the first month of PhotoDNA’s with a large photo sharing service, significantly more efficient and operation, Company A was able to originally had a manual review and thorough, increasing the amount of send 10x as many illegal images to report process for identifying child material Company A can refer to the NCMEC as in previous months; exploitation material. This process National Center for Missing and PhotoDNA allowed the company to was slow and necessarily exposed Exploited Children (NCMEC), while make these reports automatically at staff to this illicit content. decreasing the number of images upload time, expediting the report staff must review. to law enforcement and reducing the amount of time employees spend on manual reporting.

Source: THORN – Sound Practices Guide to Fight Child Sexual Exploitation Online. Cloud File Storage Example

As more individuals and companies begin to use cloud file storage, it presents another environment for people to store child sexual abuse material, as well as an opportunity for service providers to find this content, remove it and report to NCMEC.

The Problem The Solution The Results

As a participant in NCMEC’s The implementation was a The implementation of PhotoDNA PhotoDNA initiative, Microsoft thoughtful and gradual process in started with the indexing process for implemented the PhotoDNA order to validate the testing of the image search in Bing (in order to technology on its services, including technology and to verify that the help prevent Bing from rendering Bing and OneDrive, it’s cloud right processes were in place as these child sexual abuse images in solution, to compare images publicly matches were identified. its image search results) and on shared or found on these services newly uploaded photos on OneDrive with the hash list from NCMEC. (to better disrupt the abuse of OneDrive for sharing these images). These deployments are worldwide.

Source: THORN – Sound Practices Guide to Fight Child Sexual Exploitation Online. PhotoDNA is a technology

Components needed to deploy PhotoDNA

PhotoDNA Cloud Service • New images uploaded by users are identified (e.g. from the service upload logs) • Previously unchecked images are sent to PhotoDNA Cloud Service for checking. • Matches are reported back by the PhotoDNA Cloud Service • Concerns: Bandwidth: for high volumes of images a lot of data is transferred 1. Asynchronous 2. New images Online Service process examines are sent to server logs to cloud service • Options: receiving identify newly for checking user content uploaded images Resize the images before sending PhotoDNA Send URLs or hashes instead Cloud 3. Any matches Service of images are reported • Any images on the corporate network are identified for checking in a similar way to how anti-virus operates. • Because sensitive PhotoDNA code should not run on user PCs new images are transferred to central IT servers. • Central IT servers send previously unchecked images to Cloud Service for checking. • Matches are then reported back to the IT servers. 1. Monitoring Software runs on PCs connected 3. New images are sent to • Concerns: to corporate network 2. Software transfers cloud service for checking images central Privacy: Proprietary/confidential IT server images could be transferred PhotoDNA IT Server Cloud • Options: Service Send hashes instead of images 4. Any matches are reported PhotoDNA is an image matching technology

compares hashes

PhotoDNA is key to removal of child sexual abuse images

− − −