Only 100

I have written many times about the fantastic work Microsoft did when they developed Photo DNA – the tool that allows law enforcement and other agencies to create a “digital fingerprint” of a child abuse image. This “fingerprint” can then be deployed on a network to detect any re-occurrences of the same image thus either preventing it from being uploaded again or expediting its removal and investigation if it is already being stored there. It’s a great service to the victims depicted in the images and can save a huge amount of police time in several different ways.

Microsoft did not have to create  PhotoDNA. There was no law or regulation obliging them to do so, much less was there a law or regulation saying they then had to give it away for nothing, which is what happens. Microsoft did it because they could and because they knew it would do good in the world. Three cheers, again, for  Redmond.

Now switch to Mexico. The Internet Governance Forum is in session. I am in the audience. A senior Microsoft Executive discloses that 100 organizations are using PhotoDNA.

We know that Twitter, Facebook and Google are three of the 100 because they speak about it in public frequently. When I asked Microsoft for information about the other 97 – who are they, what types of businesses or organizations are in there? – the shutters came down. Confidentiality agreements prevented Microsoft from going into  detail. All I learned was that within the 97 are law enforcement agencies and NGOs. In other words the 97 are not all internet businesses.

Marshalling those super sleuthing skills and powers of deduction for which I am justly famous,  I decided to check out if Microsoft itself might be using PhotoDNA and, sure enough it is. PhotoDNA appears to be  integrated into its Cloud Service so, presumably, that means the Microsoft business is on board, as are the unknown or undisclosed number of Cloud Service customers.

But leaving aside Microsoft’s Cloud Service customers who are covered I am still deeply shocked at the seemingly very low rate of take up of PhotoDNA.

Any and every business that provides members of the public with any kind of online storage facility or transmission mechanism must know that sooner rather than later their services will be used by those who are engaged in child abuse.

That being so, why would they NOT deploy a tool like PhotoDNA?

Every online business should be obliged to take all reasonable and proportionate steps to mitigate all forms of unlawful behaviour that might otherwise take place on their networks even  though, without actual knowledge,  they can never attract substantive liability for  the unlawful conduct or content in question.

I am not suggesting we interfere with or change the rules concerning the liability of intermediaries but just as restaurants must always comply with food hygiene laws, online businesses should be required to do likewise in respect of cyber hygiene.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Child abuse images, Default settings, E-commerce, Facebook, Google, Internet governance, Microsoft, Regulation, Self-regulation. Bookmark the permalink.