DICT explains why ISPs can’t automatically block child porn on servers

After the National Telecommunications Commission (NTC) ordered 47 internet service providers (ISPs) to explain their failure to block child sexual exploitation materials (CSEM), the information and communications technology department claimed there is “no way to automatically have it be detected” if the CSEM was not earlier flagged.

As per the anti-child pornography law, all ISPs are required to install technology that block and filter any form of CSEM.

In a House hearing on Wednesday, February 17, lawyer Omar Sana from the Department of Information and Communications Technology (DICT) explained the limits of ISP capabilities, especially due to conflicting laws that prevent user monitoring as well.

Sana said the blocking that ISPs can do is on a domain level. This means if involved agencies can identify the domain name and/or the IP address of the malicious content, the ISPs can proceed to block it.

However, Sana said “filtering” CSEM is a different issue. 

“When you say filtering, the concept seems to be that when I go to a website, it’s not been been identified previously by [law enforcers]… to contain child pornography, the idea seems to be that ISPs should be capable of detecting that someone is viewing CSEM and automatically filtering those out,” he said.

While telcos have claimed that they have already installed necessary platforms and technology, Sana said that these operate on the “domain link level,” where they can only block once flagged.

Apart from the domain blocking, some technology companies also create hashes of materials that have been identified to contain CSEM. Likewise to how ISPs treat domains, Sana explained the hashes can only be created if somebody first reports the materials.

The problem becomes harder with livestreamed abuse. Because live content is first released by being broadcast as it happens, it cannot be previously flagged.

Sana also mentioned the issues in the anti-child pornography law that prohibit ISPs from monitoring users. 

While ISPs are compelled by the law to notify law enforcers after learning of CSEM on their servers in Section 9, the same section prevents them from monitoring users’ activity.

The Philippine Chamber of Telecom Operators (PCTO) also earlier pointed to the Data Privacy Act of 2012, which imposes strict privacy responsibilities on entities that collect or process personal information of customers. They said this also clashes with their duties under the child pornography law.

But social media can monitor

Sana said ISPs like Globe, Smart, PLDT, and Converge cannot monitor real-time as they do not host content. Meanwhile, enterprise service providers (ESPs) like Facebook, Twitter, and other social media platforms have more control to block abuse as soon as it happens because they host and store users’ data.

“That’s a very big difference,” said Sana. “Facebook can say if someone reports that someone else uploaded CSEM. Facebook can determine that this is CSEM and say ‘let’s block it’ immediately.”

Meanwhile, Sana claimed all that ISPs can see is the URL that the browser is trying to go to, the IP address, and the port the user is trying to access. Abusers can further evade monitoring with virtual private networks (VPNs).

With more ESPs adopting encryption capabilities, there comes another layer of difficulty when the abusers use encrypted apps to engage with CSEM.

What law enforcers do

Lawyer Angiereen Medina from the Department of Justice’s (DOJ) cybercrime office said most of the CSEM reports they receive are of abuse coming from social media. 

If a child is in imminent danger, DOJ investigators can attend to the victims “within the day” because they can “easily communicate with service providers.”

In all reported cases, whether the child is in imminent danger or the crime had already been done, the DOJ contacts Facebook or the service providers to preserve the evidence while it is still possible. This is because it becomes difficult to track livestreamed abuse once it has ended. 

Still, the Ateneo Human Rights Center found there were not enough prosecutors attending to online sexual exploitation of children. Among other recommendations, they said that the government needed to provide more training and funding for personnel and equipment.

The DOJ said it received 279,166 cyber tips from March to May 2020, compared to 76,561 cyber tips over the same period in 2019. That translates to an increase of 264.63%. – Rappler.com

Michelle Abad

Michelle Abad is a researcher-writer at Rappler. Possessing the heart and soul of a feminist, she is working on specializing in women's issues in Newsbreak, Rappler's investigative arm.