[VieElm]

If you're in the United States you should call the National Center for Missing & Exploited Children[1]. They already work with internet service providers to help identify unencrypted images depicting abuse transported over their network. They do this, I think, at an automated level. They should have the information you need. You should probably also call the FBI.

http://www.missingkids.com/Contact

[unclebucknasty]

But, should he/she contact legal counsel prior to contacting the FBI or anyone else? Personally, I think I would want to understand my potential culpability and other factors here.

[ender7]

You should definitely consult legal counsel before and during talking to the authorities (which you should also do). The laws surrounding CP in particular are outdated and do not fit well into the digital world. For example, simply looking at CP can be a crime, which can make it difficult to report unless you know the right words to say. Always consult counsel in these cases.

[some_furry]

Definitely talk to legal counsel, but I can already tell you what the FBI told me when I asked them about this exact situation in a hypothetical:

"You didn't ask for it or seek it out did you? Someone else uploaded it to your server and you don't want it? Report it to us, then delete it once we've collected our evidence."

That's probably representative of the average agent's disposition, but make sure your ass is covered first.

[balls187]

> Report it to us, then delete it once we've collected our evidence.

This seems very ominous.

[Frondo]

Why does that seem ominous? Genuine question. What would be a non-ominous response from the FBI in this situation?

[unclebucknasty]

Part of what makes it ominous is that the agent is too casually requesting that the host open the gates, and suggesting that the host has zero-risk, simply because he/she states his/her innocence.

This, when it seems pretty obvious that they'd have to do some investigation of the host, if only to rule out his/her degree of involvement.

[fnordfnordfnord]

Something written from the FBI, like a receipt that the FBI has received the evidence and it is therefore of no consequence if the files are deleted. Something that will keep him out of jail if by chance another unrelated law enforcement agency happened to be investigating and became upset or suspicious because evidence was disappearing.

[balls187]

"Collecting evidence" seems extremely broad. What is the evidence collection process? Access granted to servers, wire sniffing, seizing of hardware? How long will that process take? What recourse is available should the FBI seize hardware?

I know the parent commenter said they would speak with a lawyer, I just wouldn't take comfort in a casual remark by an FBI agent.

[steanne]

not to me. ominous would be "we'll delete it once we've colected our evidence."

[caligastia]

Never never trust the FBI. That's how they nailed DotCom, instructing him to let them collect 'evidence' against someone else, then they used it against him. Seems like you're in a hornet's nest, and you're not even making any money for your trouble.

[unclebucknasty]

>This seems very ominous.

It does. Likewise with the casual questioning of guilt and suggestion that his/her answers will simply be taken at face value.

[lifeformed]

Why would they self report it then?

[unclebucknasty]

Exactly. Beyond my own liability, the other question I would want answered is whether I could potentially be compelled to cooperate in some long-term investigation. If so, then what could that mean in terms of time and expense, and is it worth it?

[roel_v]

The alternatives are

- shut it down right now

- take a 'wait and see' approach. Then one day during the course of a bigger investigation they find that your server is hosting CP. Also, you apparently knew about it and didn't do anything (admittedly proving this will be quite difficult and unlikely, but still). In that case, they'll come down on you like a hammer.

Better be proactive. And if you're paranoid about the feds jailing an infrastructure provider who actively came to them asking for help (do you have any examples of where this happened? even just an investigation?), then all you have left is option 1.

[unclebucknasty]

The alternative I'm suggesting is to retain legal counsel to determine what my actual alternatives are and their associated potential costs/risks.

[DasIch]

You are not seriously asking whether it's worth it to help law enforcement stop child abuse?

[unclebucknasty]

Yes, I am.

Volunteering to help stop child abuse and being compelled to participate in an investigation of unknown depth, breadth, duration, and resource burden (time, money, etc.) to you are two completely different things.

If you've never been involved in litigation or other legal situation wherein you couldn't just stop the process whenever you chose to, it might be more difficult to imagine the stress and costs involved, as well as the loss of control over one's own life.

It's nice to think that it's worth it at any cost (and at the sacrifice of one's other life responsibilities). But, of course, given that one can volunteer to make such a sacrifice without waiting to be compelled by a police investigation, then anyone who has not already chosen to do so might be wise to consider whether it's really a manner in which they can afford to help.

(EDIT: conciseness)

[mschuster91]

> "potentially be compelled to cooperate"

In the US, you're likely to be left alone with all the associated costs. Help the cops all right, but if I do their work for them, I don't want to bear all the costs.

[praptak]

Talking to cops is a bad idea. I'd only do that if I had to and even then I'd minimize the exposure: https://medium.com/human-parts/good-samaritan-backfire-9f53e...

Also, the abuse already happened, you are only stopping the dumber CP collectors from sharing images of it.

[DasIch]

That abuse has already happened sure but it will probably continue. You want to follow any trace you can find to suppliers. Shutting down demand might also help in eliminating any economic incentives that might exist on the supply side.

[Goladus]

> You are not seriously asking whether it's worth it to help law enforcement stop child abuse?

How about you donate all your time, money and resources stopping child abuse.

[DasIch]

Nobody is talking about donating all time, money and resources of anyone towards that goal.

In any case if you create a platform (you possibly profit from) that is used to distribute child pornography you are faced with restrictions that the rest of the public understandbly isn't.

I see no reason OP shouldn't be legally compelled to cooperate in an investigation in at least the same way a witness can be.

[fnordfnordfnord]

You say that as if the cost of helping is near zero. What if authorities decided that your hobby project's server was interesting to their investigation, and subsequently showed up at your home with a warrant to seize every electronic device in your home/business, including the server that hosts your business, as well as unrelated things like cell phones, video game consoles, etc?

[DasIch]

So instead of going to the authorities directly, describing the situation and offering to work together you propose sticking your head in the sand, trying to deal with the problem on your own and hoping the authorities won't ever come across child pornography on your site?

Especially at a scale where you need automated systems to deal with the problem, law enforcement will inevitably notice sooner or later. I can't help but fell that it's not going to go over well with them (and it shouldn't), if they notice you deleted that content and possibly destroyed evidence in the process.

Technology companies and law enforcement have cooperated on this issue for a long time very successfully. They have experienced people working on nothing but this kind of thing and you're not going to deal with some local low level idiot that barely manages to deal with noise complaints. There is no reason to be paranoid and to believe they are going to act stupid.

[kw71]

Is there an automatic script to thumbnail images? That simply multiplies the number of problem images in your data store.

[kanamekun]

You should report any child porn to the CyberTipline, run by NCMEC: https://report.cybertip.org/index.htm

NCMEC has protocols around how to report the images/video, and how to delete it on your end.

I would highly recommend against calling the FBI. You should work with NCMEC, as they have experience working with this stuff and their CyberTipline is one of the major ways that Congress has mandated that online service providers should report this stuff. Plus talking to law enforcement employed by the federal government has a host of risks associated with it:

https://en.wikipedia.org/wiki/Making_false_statements