Wednesday, August 25, 2021

Digital Godsend or Curse? Apple’s New CSEM Measures and the latest chapter in Privacy/Protection Debate.

By Alex Rodrigues, PsyD

Recently, the tech juggernaut Apple garnered considerable attention after announcing new steps to combat child sexual exploitation material (CSEM) or child pornography.  The company declared it would take more decisive actions to counter the proliferation and sharing of child sexual abuse content.  More specifically, the company plans to launch protections with the Messages and iCloud Photo apps as part of routine software updates scheduled later this year.

For many, Apple’s announcement was long overdue.  In 2020, the National Center for Missing and Exploited Children (NCMEC) received over 21.7 million reports of suspected online child pornography in the U.S. (This process will be detailed more below). Compared to other companies like Google and Facebook, Apple has initiated far fewer NCMEC CyberTips or referrals for suspected CSEM.  However, Apple’s announcement was also met with concern from privacy advocates. While no one was championing the rights of CSEM producers, privacy experts were alarmed about the unprecedented steps the company was taking, the threat such measures posed to personal privacy, and how these new tools could cause more harm than good.

Before diving into the privacy/protection debate currently encompassing Apple, one needs to understand how most Internet CSEM is identified and NCMEC's role.  NCMEC is responsible for much of the initial work in a child pornography investigation.  The organization serves as a clearinghouse for child pornography investigations. It has a massive database of known CSEM images and videos.  Typically, the investigation process starts when a tech company or electronic service provider (ESP) identifies CSEM on its platform and refers the case to NCMEC.  For instance, someone may attach CSEM to a Google email or upload child abuse content to his Dropbox account. Tech platforms identify such content as part of routine monitoring.  They then refer the matter to NCMEC with a CyberTip, containing information about the suspected offender, including email and internet protocol (IP) address.

Next, NCMEC reviews the media in question.  CSEM content is identified, like all digital media, by its hash value, a string of numbers specific to that image or video. The hash value serves as a digital fingerprint.  Technically, the database is ignorant of the actual image depicted and is only looking for a pre-identified number series.  NCMEC checks the image’s hash value against its database of recognized CSEM and associated hash values. With the assistance of geolocation technology, NCMEC can help identify where the content was uploaded and notify local law enforcement, which then assumes control of the investigation.

While the technology and referral process outlined above has been around for some time, Apple’s new approach differs. The search for CSEM will occur at the individual phone user’s level.  Supporters argue this approach will combat CSEM earlier, or “upstream.” The company recently reported, “Instead of scanning images in the cloud, the system performs on-device matching using a database of known CSAM image hashes provided by NCMEC and other child safety organizations” (apple.com/child-safety, 2021).  A hit, or match for CSAM hashes, will result in a “safety voucher” being produced.  Safety vouchers condense and encode information of the suspected CSEM.  If the specified number of safety vouchers is met, the information will be decoded and reviewed by an actual person.  

At this point, I suspect most tech neophytes are feeling overwhelmed by all the heavy jargon use.  So, let’s use the traditional mail system, or “snail-mail,” to understand the process better.  Imagine that your mailbox represents Apple and individual mail envelopes represent suspected CSEM.  Whenever an image with known-CSEM hashes is found, it is packed into an envelope and placed into your mailbox. Now, obviously, you can't physically see into the sealed envelope and identify its contents, similar to how someone cannot initially see the encoded contents of an Apple safety voucher.  Also, you're not permitted to open that envelope of possible child pornography until your mailbox is packed with similar envelopes of suspected CSEM.  Once the threshold is reached, in Apple’s case, the number is 30 safety vouches; you are then allowed to unseal all those stockpiled envelopes and investigate their content.  For Apple, the encoded information in a safety voucher cannot be decrypted and read until enough other safety vouchers are collected.  This threshold limit minimizes the risk of false positives.

Only those photos uploaded to iCloud will be subject to review. Apple users can opt-out of this process by disabling iCloud Photos, and the system does not search for non-marked images involving children.  For instance, a parent who takes a picture of her child bathing will not be flagged for CSEM.  That personal family photo's hash value will not match those already identified by NCMEC as CSEM. 

Many see such technology as a welcomed tool in the fight against child sexual exploitation. However, privacy advocates worry that nefarious actors may use the technology for ill intent.  Hypothetical examples include governments utilizing the tool to identify images other than CSEM.  Imagine if a regime hostile to homosexuals decided to create a database of supposed gay-related pictures to identify LGBTQ individuals.  Again, the software is indifferent to the actual content depicted and only focuses on identifying specific hash values.  Nothing stops a country from developing a database like NCMEC’s compiled of only “gay” images.  Another example includes the Chinese government employing such technology to identify Muslim Uighurs.  Presently, the only thing preventing countries from using Apple's technology in such manners is the company's promise to prohibit such uses.  However, critics question whether Apple can maintain prohibitions in the face of economic pressure and the threat of being ousted from a country for noncompliance.

The debate surrounding Apple's new child safety protocols highlights the delicate balance between protecting children and safeguarding privacy.  It's also a precursor for what will likely be many future complex discussions involving these noble, but sometimes competing, interests.  Various sources have done excellent work covering this evolving situation. Popular websites like Tech Crunch and Technology Review.  Additionally, the details outlining the new technology are listed on Apple’s website.

Friday, August 20, 2021

Community, no unity? How do we build it!

By Kieran McCartan, PhD, Kasia Uzieblo, PhD, & David Prescott, LICSW

The last week has been a challenging week on the local (a shooting in Plymouth England by someone identified to have incel beliefs) and on the global stage (the return of the Taliban in Afghanistan) with sex and sexuality at the centre of both stories. You may wonder what links these two stories, both from opposite ends of research and practice in our field? The incel story is a conversation about mental health and risk management. It is a conversation about whether being an incel is a cognitive bias, a mental illness or simply a series of problematic attitudes and beliefs. It is a conversation about attitudes towards women and girls from a select subgroup of individuals in our society and what we can do to prevent violence and promote a proper understanding of and commitment to healthy and equal men-women relationships. But interestingly the Taliban story is the same story but from a meta perspective; it is a story of how a larger and more defined, and co-ordinated, group of people have problematic and antisocial attitudes to women and girls that promotes intolerance, bias, and violence. In both cases, the incel and Taliban story, the underlying current is that females are the problem and that violence and anti-social behaviour towards them is acceptable and justifiable. Both these stories remind us that the context in which we live matters, whether it’s the sub-group that we are part of, the country where we live, or our broader human values – the idea that violence towards women and girls is acceptable although? It is fundamentally wrong but seems to exist globally.

As a global community we have developed policies and laws that aim to reflect our attitudes and beliefs. Attitudes and beliefs that were developed in westernised, northern hemisphere countries and then challenged and adapted by the rest of the world. These laws, policies, and guidelines reflect the need for justice, equality, equity, and standards of living across the world. The recognition that all these shared values and beliefs are not balanced internationally with some countries adhering to some and not to others resulted in the creation of the “Sustainable Development Goals” (SDG’s) by the UN. The expectation is that to be recognised by the UN, and to play an active role within it, you must adhere to these 17 development goals, The SDG’s impact countries and people directly as well as indirectly, through international sanctions and trade agreements through to altering national laws so that they reflect them. Some of the SDG’s talk directly to the field of sexual abuse than others, these are:

-              Good health and wellbeing

-              Equal access to quality education

-              Gender equality

-              Reduced inequalities

-              Peace, justice, and strong institutions

These SDG’s reinforce the need for access to health, wellbeing, and mental health services as preventive as well as responsive requirement in dealing with sexual abuse for both victims and people convicted of a sexual offence. These SDG’s also talk about the importance of balanced, informed, and evidence-based education for all regardless of geographic location or gender. Access to education can change attitudes and challenge anti-social and problematic behaviour. In addition, access to education can increase the prevention of sexual abuse by increased awareness and help in the integration of people impacted by sexual abuse through greater understanding of the aetiology as well as impact. Also, increased access to justice means that societies become more trusting of the state and that people are more likely to report sexual abuse, and ultimately more likely to get the help and support they need.

However, it would be naive to think that these changes will happen overnight. On the contrary, our (recent) history shows that it is more like a process of Echternach where you take two steps forward and then one step back. Take for instance the situation in Poland: Although Polish women have gained many rights over the past decades, the current ruling party has managed to trample women’s rights in the past few months without too much resistance from the UN or Europe, except for some critical tweets and threatening language from political leaders. This shows that the SDG’s cannot be taken for granted, even not in the westernized part of the world. The questions it also evokes is whether we are sufficiently prepared to fight for this? Are we prepared to take on this seemingly never-ending struggle? Do we remain vigilant, or do we let it take its course and turn our heads the other way? Will we only call out our concerns on social media and change our Facebook profiles in support of disadvantaged groups in our society or do we take actual and effective actions?

The two stories highlighted in this blog really reinforce that across the socio-ecological model (i.e., the incel story is particularly reflective of the individual and interrelationship stages and the Taliban story more reflective of the community and societal stages) more work needs to be done to strengthen our shared global values (the SDG’s) and that no part of society or corner of the world is immune from distorted attitudes and beliefs towards women. We need an individual and global assertive response and perseverance.

Friday, August 6, 2021

ATSA’s Commitment to Addressing Race, Power and Privilege (RPP) – Where are We Now?

By Judith Zatkin and Joan Tabachnick 

In 2018, the Board of Directors of ATSA made a deep commitment to addressing the issue of race, power, and privilege.  In their public statement, the board formally “recognized that race and privilege impact ATSA’s work and the work of ATSA members.  Furthermore, the board voted to ensure that ATSA commits to incorporate privilege and race issues into all of its strategic goals.”  

This statement came through the work of ATSA’s Prevention Committee and followed a survey which found that:

- 87% of respondents agreed that issues of RPP had an impact on perpetration, survivor’s healing process, and prevention.  

- just over three quarters (76%) agreed that ATSA should address RPP.  

Since this initial statement, each of ATSA’s committees also made a commitment to look at how RPP affect their mission and its’ implementation.    

Over the last two+ years, the Prevention Committee workgroup met weekly and through our work, conducted more than one survey, developed a series of infographics based on what we heard to be disseminated through social media, hosted a conversation at last year’s ATSA conference, and most recently, hosted a series of six meetings with board members/representatives from each of ATSA’s committees to ensure that each committee has begun to incorporate these issues (race, power, and privilege) into all of their committee work.  

The six sessions developed by ATSA’s Prevention workgroup on RPP and attended by the representation of ATSA’s broad array of Committees provided a strong foundation for incorporating RPP throughout ATSA.  We were happily surprised that most of ATSA’s committees had followed the board’s stated commitment and hosted a number of serious conversations about the impact of RPP on their particular area of expertise.   Much of the conversation was captured through an artist’s rendering of the discussion.  It was helpful to vividly see the challenges and the opportunities organized and laid out for us as we walked through the discussions.  It highlighted how we have to step up to the challenge of what language we want to use, how to address the concerns that we have heard from some members about this new direction, and we began to consider how our organization could be more inclusive and encourage a broader range of representation.  Some key concepts for organizational change were also discussed, bringing in concepts of how to overcome barriers to uncomfortable conversations and rather than talking about “safe spaces” to use the concept of “brave spaces.”  For us on the Prevention Committee, it was also exciting to think about how over ten years ago, the ATSA board made a commitment to integrate prevention into all of ATSA and we have done just that around prevention.  The board is now poised to do a similar initiative and commitment around ATSA’s response to the issues of race, power, and privilege.  

These six sessions began that deeper commitment.  Through these six sessions, the Committees shared a deep commitment to this organizational change and offered many ideas and suggestions for ATSA’s next steps, and voiced a strong consensus that the ATSA Board of Directors needs to take a role in this process in a sustainable, specific, and permanent way.  A proposal will be presented to the ATSA Board of Directors meeting in August with the specific request of creating a limited time, board led the working group that will: 

- Develop Pillars/Guidelines of RPP for ATSA.  These Pillars/Guidelines will establish a clear direction for ATSA and ATSA committees as we integrate RPP into the work we do.  

- Identify and bring forward the language and clear definitions that will be used.

- Offer specific recommendations for the next steps based upon the ideas shared to date.   

- Offer specific recommendations for the ideal structure moving this integration of RPP into ATSA.

- Ensure diverse representation (including international voices) on the final BOD Working Group

We hope that from this next ATSA board meeting, we will create a time-limited working group to address this list of tasks.  We are so thankful for the commitment of ATSA to addressing these issues in our work.  We would like to acknowledge the ATSA members who have been meeting weekly for the last few years to make this happen.  In addition to the authors of this article, we want to acknowledge a fantastic group of individuals including Charles Flinton, Tyffani Dent, Ariel Berman, Jannine Hebert, Joan Tabachnick, Maia Christopher, and Aniss Benelmouffok.  

For more information about the infographics and what ATSA has done to date, go to https://www.atsa.com/rpp.