Facebook and Instagram are taking some of their strongest steps yet to clamp down on child sexual abuse material (CSAM) that is flooding their social networks. Meta, the parent company of both, is creating a database in partnership with the National Centre for Missing and Exploited Children (NCMEC) that will allow users to submit a “digital fingerprint” of known child abuse material, a numerical code related to an image or video rather than the file itself. The code will be stored and deployed by other participating platforms to detect signs of the same image or video being shared elsewhere online.
Meta said Monday that it is partnering with the NCMEC to found “a new platform designed to proactively prevent young people’s intimate images from spreading online.” The initiative, dubbed Take It Down, uses hash values of CSAM images to detect and remove copies potentially being shared on social media platforms, whether Meta’s own or elsewhere. Facebook and Instagram remove revenge porn images in this way already, and the initiative opens up the system to other companies wishing to do the same for their apps. Sites geared towards pornography and videos like Pornhub and Onlyfans are participating, as is the French social network Yubo.
The hash feature essentially functions as a “digital fingerprint” of unique numbers assigned to each image or video. Underage users hoping to have a nude or partially nude image of themselves removed from platforms can submit the file to Take It Down, which will then store the hash associated with the file in a database. Participating members, like Facebook and Instagram, can then take that database of hashes and scan it against images and videos on its platforms. Neither people working for Take It Down nor for Meta are supposed to ever actually view the image or video in questions, as possession of child pornography is a crime.
“People can go to TakeItDown.NCMEC.org and follow the instructions to submit a case that will proactively search for their intimate images on participating apps,” Meta’s press release reads.
Take it Down builds off of Meta’s 2021 StopNCII platform, which partnered with NGOs to use hashing technique to detect and remove intimate images shared nonconsensually. Take It Down focuses squarely on nude and partially nude images of underage users. Parents or other “trusted adults” can also submit claims on behalf of young users.
Anyone who believes they have a nude or partially nude image of themes shared on an unencrypted online platform can submit a request to Take It Down. That eligibility extends to users over the age of 18 who believe an image of video of them from when they were a minor may still be lurking somewhere on the web. Users aren’t required to submit any names, addresses, or other personal information to Take It Down either. Though that grants potential victims anonymity, it also means they won’t receive any alert or messaging informing them if any material was spotted and removed.
“Take It Down was designed with Meta’s financial support,” Meta Global Head of Safety Antigone Davis said in a statement. “We are working with NCMEC to promote Take It Down across our platforms, in addition to integrating it into Facebook and Instagram so people can easily access it when reporting potentially violating content.”
Child sexual abuse images on the rise
Meta’s partnership with NCMEC comes as social media platforms struggle to clamp down on a surge in child abuse material detected online. An annual report released last year by the Internet Watch Foundation discovered 252,194 URLs containing or promoting known CSAM material. That’s up 64% from the same time the previous year. Those figures are particularly alarming in the U.S.: Last year, according to the MIT Technology Review, the U.S. accounted for a staggering 30% of globally detected CSAM links.
The overwhelming majority of reported CSAM links from U.S. social media companies took place on Meta’s family apps. Data released last year by the NCMEC shows Facebook alone accounted for 22 million CSAM reports. That’s compared to just around 87,000 and 154,000 reports from Twitter and TikTok, respectively. Though those figures appear to cast Facebook as an unrivalled hotbed of CSAM materially, but it’s worth noting those large numbers partially reflect Meta’s more committed efforts to actually look for and detect CSAM material. In other words, the harder you look, the more you’ll find.
CSAM detection and end-to-end encryption: a tug-of-war
Many other tech companies have floated their own idea about limiting CSAM material in recent years with varying degrees of support. The most notorious of those proposals came from Apple back in 2021 when it proposed a new tool security researchers alleged would “scan” user’s phones for evidence of CSAM material before the images are sent and encrypted on iCloud. Privacy advocates immediately cried foul, fearing the new tools could function as a “back door” foreign governments or other intelligence agencies could repurpose to engage in surveillance. In a rare backpedal, Apple actually put the tools on pause before officially ditching the plan altogether last year.
Similarly, privacy and encryption advocates have warned growing congressional interest in new ways to limit CSAM material could, intentionally or not, lead to a whittling down of end-to-end encryption for everyday internet users. Those concerns aren’t limited to the U.S. Just last week, Signal’s president Meredith Whittaker told Ars Technica the app was willing to leave the U.K. market altogether if it moves forward with its Online Safety Bill, legislation ostensibly aimed at blocking CSAM material but which privacy advocates say could send a hatchet through encryption.
“Signal will never, would never, 1,000 per cent won’t participate, in any sort of adulteration of our technology that would undermine our privacy promises,” Whitaker told Ars Technica, “The mechanisms available and the laws of physics and reality of technology and the approaches that have been tried are deeply flawed both from a human rights standpoint and from a technological standpoint.”