Long live the UK Online Safety Bill, which decided to face the CSAM problem on P2P networks
Author: Carolina Christofoletti
Link in original: Click here
Early this week, Brazilian Law Enforcement Authorities woke up early to knock on the doors of Child Sexual Abuse Material (CSAM) criminals in the 8th version of what Brazil knows, since its first version in 2017, as the “Light of Childhood” (Luz da Infância) operation. If you do the mathematics, you will find that such operations happen twice a year and that they have a constant target: Peer-to-peer networks.
Brazil has known, since 2017 when Light of Childhood first begun, how much hibrid international and institutional cooperation matters when we talk about CSAM: Light of Childhood Operation was also part of the Child Rescue Coalition (CRC), a non-profit fighting Child Sexual Abuse Materials with a powerful peer-to-peer technology, sucessful software histories.
The amount of CSAM files found though those operations is impressive. Impressive also is the number of people who came to be caught red-handed: statically, in the 8th Version of Light of Childhood, we are talking about 50% of targets worldwide in this situation. Remarkable, for sure, how much they trust peer-to-peer architecture to provide them safety.
After all, the numbers are blatant and criminals trust that choosing the targets is a hard task for the police, who shall go to the “less discrete ones”. Criminals trust, as long as their number of downloaded files is not “so high” in a specific network (I would be curious to know how much those P2P networks are variated), that their criminal enterprise is safe enough to allow continuation. Thanks to Law Enforcement Agencies great work, it is not the case. It does not change, despite that, the fact that one has more than great reason to argue that this “perceived trust” must me immediately dismantled.
Forget not, every time a criminal download a CSAM file, he is sharing fragments of a child’s abuse worldwide. With peer-to-peer, it is a click what researchers, legal scholars and softwares engineers must solve. Forget not, those protocols are not isolated into computers’ architecture.
Those huge amounts of CSAM files found recently not only in Argentina, but also in Brazil, United States and others in the occasion of a transnational operation against Child Sexual Abuse Materials date from 2017 to 2020.
Criminals tend to be, them also, rational people. If one downloaded something through a peer-to-peer in 2017 and nothing happened until June 2021, they will not only keep with their peer-to-peer downloading, downloading more and more, but they will also advertise it to their criminal peers. Why are peer-to-peer networks still so popular? Because no one has touched the needed, also for those hash-based platforms (as we will see), to work with known CSAM hashes detectors.
Why? Because the technical architecture of that is so complex, and maybe still more complex, than configuring a firewall. But firewalls, they also, work with the “bottleneck points”, a word that some of those networks (as BitTorrent) also use (the “chocker” protocol)
What are peer-to-peer networks
Peer-to-peers are (P2P) in principle, respecting the particularities of each network, nothing more than a file transferring protocol achieved through a specific software that “bridges” the network between the peers. The core idea behind it is that, if everyone has a part of the file, transferring it becomes easier for everyone as, with that, one does not overload any server. As such, the files transferred via peer-to-peer software come to be not stored anywhere in the network, but, in fact, on its peer computers. In order to defeat it, one must ideally deal with files being stores and shared from third-party computers in real time. Though theoretically possible, it is practically unthinkable.
But how does it actually work?
When peer enter the network, they need to search for the file they want to be shared with them. Basically, one can type a search query, find whoever has the file and, from here, start the sharing. Sometimes, this “file having” announcement is done not directly through the software but through outside channels, where things look like that: “I have the file you want, so connect with me through a peer-to-peer and I share it”.
Remember that, in the end of the day, the connections are starting through a software that knows who is sharing what with whom, as he is the one who receives, through file specifications, the requests to connect. There is nothing new under the sun until there: Browsers, DNS servers and a bunch of other access path also know what one was trying to access
The hashes again
What, maybe, distinguishes peer-to-peer networks to a URL hosting Child Sexual Abuse Material (CSAM) is the daringness with which it operates: The files, illegal or legal, are all identified through hash values. This come to be, curiously, part of one of the technologies used to identify if and who is peering peer-to-peer files that were already accessed as being Child Sexual Abuse Material.
Both the if and who information are part of the transferring protocol, which will need, at the end of the day, of an IP information to send the file package somewhere. Because things are already hashed and because when one request the upload one becomes, immediately, sharer of that same file (the protocol here, forget not, works in a collaborative way), if one is uploading a known hash, he will only discover it when the police come to his/her door, without time of “alerting” anyone about that.
From this perspective, things like hash manipulation, commonly found on URL things, tend to be rarer here. After all, the file is stabilized in the file’s first share, needing someone to add it, for the “first time”, to the network. The problem with hash values is that criminals keep a track of them also, first because, prior to being a CSAM detection technology, hashes were integrity checkers. Translating it, the only way for one to know if, when downloading a CSAM file, one is not downloading a malware (very commonly found on those peer-to-peer networks and commented somewhere outside the network itself) or anything else is to check the hash value of it.
Analyzing things from the criminal’s point of view, downloading a modified hash is much more dangerous than risking the transferring the original file. Good for the police: Provided that this “which hashes” is as must keep being intelligence information, no criminal will ever know where the poisoned apple is.
Where the alarm rings
As I have mentioned somewhere else (read it here), the problem with giving hash technologies in the hands of outside-police folks is that we do not know how much we can trust our third part “collaborator”. Without setting an alarm which rings inside the “Watch dog” somewhere else in the world, hash-dataset can be perverted for “poisoning checking activities”. The premise is also valid if we want known CSAM files to be stopped already in their upload attempt: If the alarm does not ring somewhere else, they will start testing one by one their illegal collections.
In the case of peer-to-peer networks, this alarm rings inside the police. But, unfortunately, in a time that is already too late: Once one start downloading it, one start sharing it with others, and this numbers grow in a per-second rate, worldwide.
“The network is distributed. There is nothing we can do about it”.
So, I invite you to think about it for a while. Police is using the same hash technology to deal with peer-to-peer as some URLs, with centralized servers, are using to protect their networks against known files. The fact that the network is decentralized does not change anything, at least if we are working with entrance points.
Peer-to-peer file transferring are not occurring through people sending packages through the command line. The command line, she also, work most of the times with softwares. In peer-to-peer networks, the rationality is exactly the same: Peers are being connected through a software and the files are also being opened, in some of those, through specific files.
Those “softwares” warn you about the fact that, while downloading it, you are sharing it. They have “enough centrality” to display this message and to allow peers finding each other.
Is governance in P2P networks impossible?
From my point of view, no. If one deals with the water leak closing the faucet, no. If everything we do is seating there with a bucket, then yes. The very software that opens the file could, without any “far too technical” difficult, power its software with CSAM hash detectors technologies.
More than that: The hash values are public for the software. They could very well code it in a way that some files and some keywords present themselves as “requested denied”.
Governance inside peer-to-peer networks is not impossible, but it needs to be done through the access points. Governance does not belong to the police: It belong to the network itself, to whomever writes this code.
UK Online Safety Bill
Great the British that, together with their Online Safety Bill proposal, added a paragraph dedicated, specifically, to what they call “user-to-user” services. Though the formal concepts might seem different (and even though I defend the peer-to-peer terminology to make it clear to everyone what we are talking about), its definition matches, materially, the very same networks we were just talking about.
(1) In this Act “user-to-user service” means an internet service by means of which content that is generated by a user of the service, or uploaded to or shared on the service by a user of the service, may be encountered by another user, or other users, of the service. (2) In subsection (1) the reference to content that may be encountered by another user, or other users, of a service includes content that is capable of being shared with such a user or users by operation of a functionality of the service that allows the sharing of content (Part 1, 2, Meaning of “user-to-user service” and “search service”, Online Safety Bills Draft)
If P2P softwares were under a duty of care like that, downloads such as the one mentioned in the introduction might have stopped in their first attempt in 2017, with a single file, avoiding the other hundreds of them to survive, in a shared manner, until 2021.
“Dear user, your connection request was denied because the file you attempted to download matches a known to the police Child Sexual Abuse Material file. Downloading this kind of materials is illegal and its attempt are criminalized by some countries. We retell you that this use is an explicit violation of our Terms of Service and that we can apply you some measures (such as suspending temporarily your account or even prohibiting you from using our services, if appropriate) in order to enforce those prohibition rules”.
How much wouldn’t that have helped.
Think about it.