Business Ethics & Corporate Crime Research Universidade de São Paulo

Neutral Intentions in the Era of Internet Crimes: Knowingly Access to CSAM, Hacktivists and Whistleblowers. A Proposed Legal Solution

Author: Carolina Christofoletti

WHAT I’M TALKING ABOUT

Directive 2011/93/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA

Preliminary Explanation number 18: Knowingly obtaining access, by means of information and communication technology, to child pornography should be criminalized. To be liable, the person should both intend to enter a site where child pornography is available and know that such images can be found there. Penalties should not be applied to persons inadvertently accessing sites containing child pornography. The intentional nature of the offence may notably be deduced from the fact that it is recurrent or that the offence was committed via a service in return for payment.

Article 5, 3: Knowingly obtaining access, by means of information and communication technology, to child pornography shall be punishable by a maximum term of imprisonment of at least 1 year.

PRELIMINARY CONSIDERATIONS REGARDING CRIMINAL LAW SYSTEMATIC SCHEME OF ADJUDICATION

❏ Apart from a small minority of crimes where a specific intent is needed (meaning that a criminal offence only occurs when there’s a specific reason for something; for example, excepting carnal intercourse, all other sexual acts need, from a Brazilian perspective, a lewd purpose to be considered as such), criminal law is governed by something called neutral intention.

❏ Together with the conduct itself (called actus reus by common lawyers), intention is the second legal requirement for any criminal offence.

❏ Law needs to find a way to address all “illegal” acts as a general rule of conduct. Rules are, because of that, written in such a way as to give law enforcement an objective point of analysis.

❏ Though it doesn’t absolutely mean that, by the simple fact of perpetrating an illegal act, one is to be prosecuted and condemned, it does mean that, depending on which criminal procedure rules we are talking about, prosecution is risked.

❏ Because criminal defences can only be argued in court (meaning that they have no power to stop a criminal procedure from beginning, as, for example, the absence of a criminal offence does), neutral intention becomes a problem when we think about crimes perpetrated over the Internet.

❏ But what does neutral intention mean after all? It means that intention falls onto the verb. If one knows what the verb means and voluntarily acts in this direction, then the subjective requirement is fulfilled. If the verb needs an object, then there’s also a need to intend this objective description of reality (constituted most of the time by substantives and their accompanying adjectives).

THE CACHE PROBLEM

❏ Criminalization of knowingly access to CSAM derives from a criminal defence born with the cache problem. To simplify things, the cache problem emerges from the mechanism that makes web pages quickly accessible to users who have already visited them (guaranteeing that, for example, clicking on the back button doesn’t take 3 minutes but some seconds). For this functionality to work, a copy of the webpage (except if special software is used to prevent it) is stored in our cache every time we open it.

❏ Since pages remained stored and accessible at any time through the cache, possession of CSAM was “laundered” by a very powerful defence.

❏ Since the images or videos were being stored automatically by the cache mechanism, there was no intention to perpetrate the conduct and, as such, there was also no criminal offence (verb defence). Since possessing CSAM was a crime, but accessing CSAM previously stored in the cache constituted no criminal offence, there was, for a long time, a clear loophole regarding virtual galleries of CSAM.

❏ To address this specific situation, together with thumbnail galleries accessible without any cache copy, criminalization of knowingly access to CSAM was born.

OVERCRIMINALIZATION

❏ As previously stated, when searching for the words through which a criminal offence is to be created, legislators look for the broadest possible category of acts and reasons. That’s because no real world hypothesis shall be left behind.

❏ When we are talking about conduct crimes (as knowingly access to CSAM is), and because it is in this case also a general intention crime, legislation ends up addressing not only CSAM hacktivists but also CSAM whistleblowers. Law enforcement agents have, previously to that, already been addressed by legislation through

❏ Depending on what theory we are using and how the applicable law regulates this, either there’s no criminal offence here (if we are working with the concept of illegality, ilicitud) or we are working with a criminal defence (if we consider that criminal law didn’t want to address those cases, antijuridicidad).

❏ There’s no such case for whistleblowers and hacktivists. And the first reason for that is that, from a descriptive point of view (and if we are asking only what the criminal conduct really is), criminal law is indifferent to good intentions.

WHISTLEBLOWERS AND KNOWINGLY ACCESS TO CSAM

Question for operators of European report channels: How many potential users of reporting platforms fear CSAM reporting?

THE DAY FORESEEABILITY DIED

❏ Criminal law has, for years, been settled on the rationale that we cannot corrupt the logic of things (legally called imputación objetiva by lawyers working in Civil Law legal systems). That means that, if every time we heat water it boils, we cannot say that we didn’t know that the water would boil if we heated it. The world is predictable, but the point is that the Internet is not.

❏ We know that, when clicking on a website, the advertised webpage should open. But we don’t really know if we are going to find there exactly what we are looking for. Indexing helps up to a certain point. The problem is that criminals not only do not want their activities to be properly indexed (this calls the attention of law authorities) but are, in fact, working in a more disguised, apparently legal way. The main point of that is that criminal activity shall remain noiseless to legal authorities.

❏ After years of discussion, lawyers finally agreed that intention (including the foreseeability presumption) is an elementary part of a criminal offence. Though it seems a purely academic discussion, it has a very practical application: no imputation except if we can say that, in accessing this kind of material, one didn’t simply want to access something (clicking as intended verb) but also knew what he was accessing.

1 A question that only makes sense if we consider that people have a clear knowledge of what the criminal offence is or if it is, somehow, previously explained to them.

ACCIDENTAL ACCESS TO CSAM

Question for operators of European report channels: How is this kind of content being indexed? What are the differences between Open Web and Dark Web?

❏ If things are not properly catalogued (as they really aren’t, for that would make things easier for law enforcement authorities and crawling technology), simply accessing a webpage showing CSAM instead of furniture (an example based on a real world case) would cause no criminal concern. Indeed, the only relevant information that we can extract from here is: now we have an internet user who really knows what is being displayed there (more than that, he saw it with his own eyes) and, up to that point, if we simply know what is there, there’s already an intention regarding the verb object: access CSAM.

❏ One possibility would be not to allow any criminal imputation coming from a real world situation where things are hidden by fake labels. The ratio is great, but it puts the real aim of criminal law into a very difficult situation: except, maybe, in highly protected forums (where shouting that out loud is not perceived as a problem), criminal material is being distributed in a softer, more silent way: slang and miscategorization are part of the problem.

CRYPTOGRAPHY AND RECRUITING FORUMS

❏ When things like disguised websites start to appear in transparency reports, we must start facing the imputation of accessing CSAM with its real world challenges. If things are not done in that way, we may then risk getting only insufficient or even wrong targets, but never network key players. Considering that normal internet users are, most of the time, not worried about accessing webpages in an anonymous way, they can become easier targets for knowingly access rules than their criminal counterparts.

❏ Rather than real people, we shall start asking whether the so-called recruitment forums are not also key players. Great insights for methodically oriented action could be found, for example, in the mechanics of counterterrorism. Borrowing this methodology shall provide a clearer way for law enforcement people to separate the wheat from the chaff.

PERVERSE EFFECT OF ACTUS REUS DELIMITATION

Question for law enforcement people: How does indexing vary with criminal offences?

❏ If we accept the assumption that criminals act in a rational way, we may also expect an interesting inversion: since correct indexing of their criminal activities (that means, advertising CSA materials as such) would create an immediate burden on anyone daring to check it out, then distribution (especially in already criminal and secretive forums) could benefit from these new adjudication mechanisms.

❏ As correct indexing would put on non-criminals eventually stumbling across it the burden of not checking it out (remember that such explicit warnings would keep Internet users apprised of the potentially illicit character of what they are about to click on), we could expect catalogues to become even more explicit and easy to find.

NEGATIVE OFFENCE ELEMENT AS A PROPOSED SOLUTION

❏ For this reason I believe that, warned or not, all CSAM reports should be legally protected against prosecution (for accessing CSAM and reporting it brings no elementary wrongfulness with it). That means that, in reporting for example a CSAM image X, an immunity against any questionable access to image X should be guaranteed.

❏ That’s because when we talk about CSAM distribution, we are talking about crimes normally perpetrated by groups and in a scenario where the materials are, most of the time, being exchanged for other images.

❏ If we want to disrupt the cycle, first we need to know where the images are and, for whoever has found them, how they came upon them. This last point is essential, for it allows regulators to know where, exactly, the open doors are.

❏ We already know that, with the exception of highly secured forums and galleries, those kinds of content do not “survive” for a long time on the Internet. We also know that it is possible that, when the existence of CSAM comes to the knowledge of criminal law authorities, the material may already have been moved to some other virtual place. Furthermore, we need people reporting it as soon as they find it.

❏ As a way of guaranteeing that people report this kind of content as soon as they find it, criminal law should offer them a parameter of certainty for a criminal offence whose adjudication is still, per se, complex. It doesn’t matter if this was a case of knowingly access (and, consequently, there is a criminal offence) or not (neutral action). If the case was reported to legal authorities or their cooperative bodies, then no criminal offence (that is, only knowingly access) can be adjudicated.

❏ The immunity shall only be valid for knowingly access to CSAM. There shall be no immunity for producing, sharing or possessing this kind of material (even though, in the case of possession, the same rationale shall apply for the case of received content). Protecting the receivers that are leaking it out to legal authorities shall solve, at least theoretically, the legal problem of reporting content that is to be found in private “groups” in which one is a participant.

SERENDIPITY AND LEAKING OF CRIMINAL ACTIVITIES

Question for law authorities and managers of European report channels: How is CSAM hosted on the Darknet distributed, and why do .onion report numbers remain so low? How many report channels for CSAM are available in a Tor version?

❏ Real world data is still necessary to elucidate this point. The main question here would be how CSAM hosted on the Darknet is distributed.

❏ This is important for two reasons: First because, if the serendipity rule does apply (which means that, in investigating a crime, law authorities can, without violating any axiological basis of criminal procedure at all, find evidence of another criminal offence being perpetrated), then we shall expect that most of the leaked CSAM hosted on the Dark Net is either orphan folders or material mixed with some other legal content. As there’s another criminal offence surrounding the circumstances of a CSAM forum or even of a drugs or guns Black Market, for example, we shall expect that those cases remain underreported or that administrators of those places are themselves dealing with it without legal authorities even knowing anything about it.

❏ If administrators’ control were efficient, then we should not be worried about that (think about Silk Road, where sharing this kind of material was expressly prohibited). The problem is when criminal activities start to mix with each other. Darknet purity shall provide us with relevant data in that sense.

❏ According to Article 2 of the European Directive for Whistleblowing Protection, leaking child sexual abuse material does not fall into its material scope of protection.

❏ While report channels are very common on Open Web resources, we may ask how many of them are also available to users accessing their channels through anonymization software. How many report channels for CSAM are available in a Tor version?

ETHICAL DISSIDENTS AND RULE-BREAKERS OF HIDDEN FORUMS

❏ There’s a categorical difference between a CSAM consumer reporting this kind of content and someone reporting it but being anyhow involved with it (so-called whistleblowers). For the first case, the philosophical basis of sanction is more complex and immunity shall provide law enforcement agents with some further benefit of public interest.

❏ Despite that, we cannot deny that real governance against CSAM also needs criminals cooperating with law authorities (remember that, when the Wonderland Club was broken, law authorities said that, were it not for the leak by one of its members, it would have taken legal authorities about 40 years to solve the cryptographic challenge of the platform).

❏ If we want criminals cooperating with law enforcement authorities, we also need to think of a real policy of incentives for them. The name here is not “immunity” but a real absence of sanction or plea bargaining, depending on the case and on how the leaked information really corresponds to a public purpose of solving the online CSAM problem.

❏ There are still some practical questions to be discussed here (especially because the mechanism cannot be a “laundering” one) which, being very specific points, will not be addressed in this paper.

HACKTIVISM AND KNOWINGLY ACCESS TO CSAM

Questions for operators of European report channels: How much reported CSAM is, for law authorities and their cooperators, hosted in plain view? How many of those reported websites (as links are still the main data asked for by report channels) are weakly protected or even not secured at all? How many reports simply die because the content simply couldn’t be accessed? What would be the impact of further, more complex information?

DEFINITION

❏ Hacktivism is a more complex case because, from the objective point of view, hacktivists were looking (though in a law-enforcement friendly manner) for the objectionable content. Though the name hacktivism has “hack” in its roots, which reminds us most of the time of the gathering of personal information, the sense in which I’m using it here is a broader one. When I say hacktivist I mean anyone who is looking for CSAM on the internet in order to report it but without any legal mandate for it.

OVERCRIMINALIZATION

❏ And here we have a more sensitive case because, since the legal mandate does not exist, legislation places hacktivism under the common rule, where no criminal defence is previously stipulated. We shall remember that criminal law is indifferent to good intentions and, as “child pornography” crimes are most of the time conduct crimes, the criminal offence would have already been perpetrated (whether the existence of CSAM was leaked to authorities or not) from the point that its defendant was really looking for it. To be liable, the person should both intend to enter a site where child pornography is available and know that such images can be found there.

AXIOLOGICAL CONTRADICTION

❏ Besides hacktivists, there’s also someone else looking for this kind of content in order to report it: law enforcement authorities.

❏ In their case, legislation protects them (together with other cooperative agencies) by excluding the wrongfulness element from their action.

❏ Since hacktivists are also reporting it, the only reason for their criminalization is a formal one: they have no legal mandate.

❏ But if both agents are working exactly on the same task and in so far that hacktivist reports are being somehow supervised, isn’t it also true that no wrongfulness shall be seen in their acts?

❏ If so, shouldn’t we also expect an adjudication immunity regarding CSAM that they have themselves immediately reported?

DATA GATHERING AND EVIDENTIARY RISK

❏ From a systematic point of view, we shall all agree that there shall be no right of privacy regarding criminal activity in plain view (that means, where materiality is to be seen in plain view, and we are not talking about private investigations of any kind).

❏ The problem with hacktivists is that we need to adapt criminal procedure to the new challenges of an evolving reality. As we mentioned previously, illegal content can and most of the time does suddenly “disappear”, being moved somewhere else.

❏ The point with information gathering is that, from a preliminary point of view, it risks poisoning the entire criminal procedure, especially if this private evidence is the only evidence that law authorities have.

❏ Since hacking to gather personal information is, in most jurisdictions, a crime, the evidence is illegal and cannot be used in any phase or for any reason in a criminal procedure. Regarding this controversy, we shall remember that it was exactly this discussion which brought the F.B.I. (with its NIT malware) to American courts when they were facing the Playpen Case.

❏ For this information to be legally used somehow, it has to become licit. Remember we have a good reason for that: We are talking about people leaking CSAM.

❏ Regarding CSAM crimes, an absence of wrongfulness shall be foreseen for reported cases. Regarding hacking, absence of wrongfulness shall be examined in the same way.

CORPORATIONS ARE FACING EXACTLY THE SAME ISSUE WHEN FACING MANDATORY REPORTING

❏ When internet service providers are gathering access data about people hosting criminal content on their platforms, they are not hacking anyone. But that’s because they don’t need to. For them, information is most of the time in plain view.

❏ Corporations are being asked to cooperate and shall cooperate. The fact that the only reason allowing them to do that is that the hosted content is criminal according to the governing jurisdiction (otherwise only removal shall be allowed) clarifies that there’s no right of informational privacy when we are talking about criminal content.

❏ Corporations are also working on an absence of wrongfulness basis. Like hacktivists, they are also classifying material themselves and making a decision. If the material was found not to be criminal but was reported as such based on a reasonable error of qualification, then no legal sanctions shall apply either to them or to hacktivists.

❏ Remember that criminal law is also indifferent to what happened after the report (whether that was criminal or not). What is relevant is only how things seemed to be at that exact time.

Conclusion: whistleblowers and hacktivists should be ruled not by the General Part of Criminal Law but rather by a specific negative element of criminal offence.

❏ It’s undeniable that, in the way that “child pornography” laws are currently written, any reporter risks, at some level, being considered complicit. Criminals profit from a huge psychological incentive called fear of prosecution. The bad news is that, from a Comparative Law perspective, hacktivists and whistleblowers were left to the General Part of Criminal Law, which is ever-changing and never touchable by International (and also European) Criminal Law. The point here is that it should not be like that, at least if real cyber governance is what we are looking for.

❏ Remember that harmonization does not and cannot touch either legal qualifications or criminal defences. That means that, if there are 30 countries in the European Union, there are 27 rules for whistleblowers of any kind.

❏ Apart from that, we shall agree that something like private parties helping governments in the task of finding, blocking and removing CSAM as fast as it appears is not only a scenario which we shall seek but also a conjuncture that shall render governance more efficient than ever.