To support MIT Technology Review’s journalism, please consider becoming a subscriber.
Besides “bad press” there isn’t much punishment for platforms that fail to remove CSAM quickly, says Lloyd Richardson, director of technology at the Canadian Centre for Child Protection. “I think you’d be hard pressed to find a country that’s levied a fine against an electronic service provider for slow or non-removal of CSAM,” he says.
The volume of CSAM increased dramatically across the globe during the pandemic as both children and predators spent more time online than ever before. Child protection experts, including the anti-child-trafficking organization Thorn and INHOPE, a global network of 50 CSAM hotlines, predict the problem will only continue to grow.
So what can be done to tackle it? The Netherlands may provide some pointers. The country still has a significant CSAM problem, owing partly to its national infrastructure, its geographic location, and its status as a hub for global internet traffic. However, it’s managed to make some major headway. It’s gone from hosting 41% of global CSAM at the end of 2021 to 13% by the end of March 2022, according to the IWF.
Much of that progress can be traced to the fact that when a new government came to power in the Netherlands in 2017, it made tackling CSAM a priority. In 2020 it published a report that named and shamed internet hosting providers that failed to remove such material within 24 hours of being alerted to its presence.
It appeared to have worked—at least in the short term. The Dutch CSAM hotline EOKM found that providers were more willing to take down material quickly, and to adopt measures such as committing to removing CSAM within 24 hours of its discovery, in the wake of the list’s publication.
However, Arda Gerkens, chief executive of EOKM, believes that rather than eradicating the problem, the Netherlands has merely pushed it elsewhere. “It looks like a successful model, because the Netherlands has cleaned up. But it hasn’t gone—it’s moved. And that worries me,” she says.
The solution, child protection experts argue, will come in the form of legislation. Work is underway in the US to amend Section 230 of the Communications Decency Act, a law that broadly means the creators of content online are legally responsible for that content rather than the platforms that host it, although platforms are not protected from federal criminal prosecutions.
Senators have proposed a law called the EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) Act, which would strip providers of online services of the legal protections Section 230 gives them in cases involving CSAM, meaning individuals could file civil lawsuits against them while simultaneously opening them up to criminal charges under state law.
Privacy and human rights advocates are fiercely opposed to the act, arguing that it could force companies to feel they have no alternative but to host less user-generated content and to abandon end-to-end encryption and other privacy protections. But the flipside to that argument, says Shehan, is that tech companies are currently prioritizing the privacy of those distributing CSAM on their platforms over the privacy of those victimized by it.
Even if the lawmakers fail to pass the EARN IT Act, forthcoming legislation in the UK promises to hold tech platforms responsible for illegal content, including CSAM. The UK’s Online Safety Bill and Europe’s Digital Services Act could cause tech giants to be hit with multibillion-dollar fines if they fail to adequately tackle illegal content when the law comes into force.
The new laws will apply to social media networks, search engines, and video platforms that operate in either the UK or Europe, meaning that companies based in the US, such as Facebook, Apple, and Google, will have to abide by them to continue operating in the UK. “There’s a whole lot of global movement around this,” says Shehan. “It will have a ripple effect all around the world.”
“I would rather we didn’t have to legislate,” says Farid. “But we’ve been waiting 20 years for them to find a moral compass. And this is the last resort.”
Correction: An earlier version of this article incorrectly stated that Section 230 of the Communications Decency Act does not make exceptions for CSAM. That was incorrect, and the article has been updated to reflect that CSAM violates federal law.