Under US Federal law every electronic service provider (esp) within the US jurisdiction is required to report all child sex abuse material (csam) found on their virtual properties. They must report to NCMEC, the US hotline, in a form described here.
The csam reported to NCMEC principally comprises still pictures and videos. It might have been notified to the esp in the first instance by a member of the public or a user of its service. However, as you will see, these days overwhelmingly it will have been found by the esp itself, typically through the proactive use of tools such as PhotoDNA.
NCMEC has just released a set of numbers for 2019. They represent the total number of reports of online csam made to them that year.
In 2019 NCMEC received 16.9 million (16,836, 694) reports. Of these 150,667 (1.0%) came directly from members of the public. The remainder came from esps.
The small proportion of reports from the public does not “prove” reporting by the public is irrelevant. 150,667 is a big number whichever way you look at it and any individual report can lead to huge quantities of csam.
The 16.9 million reports covered 69.1 million “images, videos and other files related to child exploitation”. How many of these reports were of images reported more than once matters a great deal less than the simple fact that they were found 16.9 million times.
In the previous year, 2018, NCMEC received a larger number of reports, 18.4 million, but these covered “only” 45 Million images and videos. This suggests companies are getting better at finding and reporting stuff. Bravo, but note the enormous leap, i.e. from 45 million to 69.1 million in a single year, the largest ever year on year growth. I haven’t been able to locate the equivalent number of reports made in 2018 by members of the public but the ratio is unlikely to be materially different from 2019’s.
The platforms are….
The 2019 numbers should be read in conjunction with another part of the same document. This identifies the esps making the reports. There were just over 140 different companies in total, plus INHOPE which, obviously, is not a company.
First point to note: by a country mile Facebook is ahead of everyone with 15,884, 511 out of the 16,836, 694 total. That is a staggering 94%. A very long way behind in second place is Google with 449,283 (2.6%), third is Microsoft at 123,839 (0.7%), fourth is Snapchat at 82,030 (0.5%). The rest dribble to 1s, 2s and 3s with only a handful registering above 10,000.
And the countries are…
The IWF and INHOPE report on the countries where csam is being hosted i.e. published from. NCMEC’s reports identify the country from which it appears the csam was uploaded on to the internet, regardless of platform or hosting provider. There are caveats surrounding the potential use of proxies and anonymizers but it is unlikely these would distort any individual country’s numbers by an order of magnitude.
The stand out country is India with 1,987,430 reports (11.7% of the global total), followed by Pakistan with 1,158,390 (6.8%). Iraq comes third with 1,026,809 (6.0%) No other country tops a million with Mexico in an unenviable fourth place with 827,988 (4.9%), closely followed by the Philippines, 801 272 (4.7%). Bangladesh registers sixth with 556,642 (3.3%).
Other large numbers can be seen with the USA at 521,658 (3.0%), Saudi Arabia 514,832 (3.0%), then a series hovering round 2% e.g. Brazil 398,069, Vietnam, 379,554, Thailand 355, 396, and the United Arab Emirates (330, 268). The numbers then meander down to 1 for Svarlbard, the Dutch Antilles, North Korea, Antarctica, Christmas Island and the Falkland Islands. In 1,668,157 (9.8%) instances no country could be assigned from the available data.
Much food for thought.