The Interpol "worst-of" list used by several internet service providers (ISPs) to voluntarily filter internet traffic has attracted criticism in the past, but, according to Interpol acting assistant director of cybercrime and security Michael Moran, critics need to realise that it's just one piece of the puzzle.
(Credit: Michael Lee/ZDNet Australia)
The list, currently in use or on its way to being used by Optus, Telstra and Vodafone, has been seen by some as ineffective due to the ability of child abusers to easily circumvent it, and because it's a preventative measure, not a cure that would see creators of child-abuse material arrested.
However, in an interview with ZDNet Australia at the Kaspersky Lab Cyber Conference 2012 in Cancun, Mexico, Moran said that this criticism only really applies if the filter list is the only measure. He acknowledged its limitations, but stated that the stop page presented when access is blocked is an important tool in Interpol's arsenal against child abuse.
"What it is, essentially, is a prevention tool. Of course it's easy to go around ... but that's not the point. It's not a silver bullet ...It's like a speed camera on a road — you can slow down when you come up to the speed camera, and you can speed up when you've driven past ... but the reality is that it's reminded you that what you're doing is illegal.
"To suggest that blocking the internet or filtering ... is our only answer is wrong. It's also very important to realise that the vast majority of this 'trade' doesn't happen on the web. It happens in off-web services — IRC, newsgroups, peer to peer; I could go on and on and on. That's where we do our big work."
One of the newer tools that Interpol is using as part of this work is an emerging policing discipline that it calls victim identification.
"Material that is found on the internet is analysed in real time by analysts around the world sharing through the ICSE [International Child Sexual Exploitation] database in Interpol."
In a recent case in Massachusetts, US, an image was distributed through the ICSE database, analysed and determined to be a Dutch child, and the victim was subsequently identified. From this information, local law enforcement was able to track the perpetrator down, who was found to be running a child-care centre and abusing 84 victims in total.
"If the system didn't exist at Interpol, and if the Dutch victim-identification officer wasn't doing her job, that man would still be abusing children," Moran said.
"That type of scenario has happened many times from Australia, where material found in Australia is fed into our systems."
Moran stressed that the ability to track victims greatly assisted in leading law enforcement to the perpetrator.
"Don't forget that 86 per cent plus of child sexual abuse takes place within the home, so if you find the victim, you find the perpetrator."
Moran also addressed criticism that there is a perceived lack of transparency with the Interpol filtering list, as it is difficult to determine what destinations have made their way onto it.
"If you feel that the site has been badly blocked for whatever reason, click that link [on the stop page] and make a complaint, and it will be answered," he said.
At the moment, complaints are handled either by Interpol or via the Australian Federal Police (AFP), but Moran clarified that the AFP has the ability to veto the content of the list.
"We're not some super-national police force that makes decisions for national countries. We make the list available to the national central bureau, which is run by the AFP, and the AFP are the ones who push it on out. The AFP themselves can go through the list and verify that all of this content is justifiable."
Even if the AFP was unwilling or unable to put the resources in place to check the list, Moran said that Interpol would still open the list to scrutiny, so long as the investigating party was from a government agency or similar.
"The list is not public for a very good reason. We would welcome independent verification if somebody wants to come in and look at what we put on the list," he said.
Michael Lee travelled to the Cyber Conference 2012 as a guest of Kaspersky Lab.