Microsoft creates tools to crack child porn cases

Microsoft (Profile, Products, Articles), in a joint effort with Canadian law enforcement agencies, has developed a system to help track down people who prey on children online, the company said Thursday.

The Child Exploitation Tracking System (CETS) was developed by Microsoft Canada and law enforcement agencies, including the Royal Canadian Mounted Police (RCMP) and the Toronto Police Service. The technology lets investigators spot trends and link pieces of information in, for example, child pornography cases, which often span borders and involve unknown perpetrators and victims. Also, CETS is accessible to multiple agencies and can be linked to systems used by law enforcement agencies in other countries.

"It allows us to store massive amounts of information and share it. We're all working on one common database and it uses social networking analysis to identify nonobvious relationships," said Paul Gillespie, a Toronto Police detective sergeant. "Within law enforcement, just the fact that we will all be working off the same page is a bit of a cultural shift."

CETS is an information management tool that uses XML (Extensible Markup Language) Web services and other Microsoft technology, including SharePoint Portal Server and the SQL Server database to capture information related to child exploitation. It then allows investigators to search that information and share it. Police agencies can use CETS to cross reference large volumes of case information in new ways and uncover obscure relationships between different pieces of data. The technology's social-network analysis features can spot communities of sex offenders, Microsoft said in a statement.

Microsoft spent $2 million developing the program and at a news conference Thursday pledged another $2 million to help police agencies adopt and implement CETS. Any agency interested in obtaining the system at no cost can contact the software maker in Canada. "CETS is not something that we are going to be selling. We've offered to give this away to any law enforcement agency on a worldwide basis," said Microsoft Canada President David Hemler.

Details of how the system works are being kept secret, Hemler said. "We're intentionally coy about the technology that is used in this because we think it gives the good guys an advantage over the bad guys," he said. "Think of it as an assembly of commonly available Microsoft software, using techniques from Microsoft Research and best practices that the law enforcement community shared with us."

In Canada, the RCMP maintains a central CETS database that is used by more than 25 police forces across the country. Investigators can share information over a secure network and consolidate investigations that involve the same perpetrators or victims.

The program had backing at the highest levels within Microsoft. Chairman and Chief Software Architect Bill Gates instructed Microsoft Canada to work with law enforcement to develop CETS after he received an e-mail from Gillespie in January 2003. The Toronto Police detective sergeant told Gates that officers in his unit were falling behind sex offenders because they lacked the tools and training to properly investigate crimes on the Internet or penetrate shadowy communities of pedophiles.

"I sent the e-mail and about three weeks later I was contacted by Microsoft Canada. They wanted to know what they could do for me. To be honest, I thought it was people in my office playing a joke on me. When I sent the e-mail I really did not expect to hear anything back," Gillespie said. Following the first contact, Microsoft and Gillespie had several meetings, the collaboration ultimately led to the development of CETS.

The CETS system showed promise even before it was complete. During a test in November, CETS identified a link between information in a U.S. Federal Bureau of Investigation probe and a separate U.S. Department of Homeland Security operation called "Falcon." That information allowed the Toronto Police's Sex Crimes Unit to charge a man already under arrest on child pornography charges with sexually assaulting a 4 year-old girl, Microsoft said.

Once the purview of postal inspectors, child pornography cases are becoming an increasing concern for federal, state and local law enforcement agencies. Widespread Internet access and inexpensive digital imaging technology allow for easy creation of child pornography and sharing it online.

In the U.S., the Department of Defense (DOD) spent $500,000 and put its top cybercrime researchers on a program to make the fight against child pornography more efficient, according to officials at the agency.

The DOD's Defense Cyber Crime Center (DC3) launched the "Known Image Database System," or "KIDS" in July, 2004, to hasten the identification of pornographic images depicting children and relieve the workload on swamped computer crime investigators.

< There's a few things missing here. First of all, measure these crimes. Determin whether particular incidents within this category of crime are particularly bad. Sort out things which are potentially bad and keep them from being lumped in with things which Are bad. Then determine whether this category of crime is worthy of special attenion. If there are some particularly bad crimes related to children and sex, and if the good which can be done by dealing with them outweights the good which can be done by dealing with other types of crime, then proceded to: Decide what way of dealing with these crimes is most effective. In order to be effective as a matter of government involvement, the cost must be considered along with the results. The clear loss of privacy implied to those who are tracked without actually doing any harm, must be carefully balanced. is it ok to burn one man's house on the chance that another man who has done harm may be visiting as a friend? That's akin to this situation. Finally, after you've taken appropriate steps to protect the innocent (which if you don't do, you invalidate yourself utterly), and the innocent include many people who are lumped into this group who have not caused harm, then you may take steps to deal with those who are guilty. And not just potentially guilty, that's doing definate harm by stealing their privacy on the gamble of potential good by catching someone doing harm. And by the way, did I mention that they didn't even look at whether things lumped into this category are harmful? >