More than 1,700 websites in the EU may contain unreported child sexual abuse (CSAM) content, according to a new report.
These worrying findings come from a recent study by experts at Surfshark. Researchers also looked at the problem on a global scale and recorded an increase in CSAM reports submitted to authorities. There were around 83 million between 2020 and 2022, with EU countries accounting for 3.1 million reports.
This investigation comes a few days after a group of tech companies, including Surfhsark, wrote an open letter urging EU ministers to withdraw from a proposed anti-CSAM regulation that could allow authorities to scan the private communications of all citizens searching for dangerous content. By looking at the technological solutions currently available, the VPN service provider seeks to raise critical questions on how this growing problem can be addressed without infringing on people's privacy.
Children's online safety at risk
“There may be thousands of unreported CSAM-containing websites at any given time. Our study estimates that there are up to 1,720 websites in the EU alone. It's scary to think how many CSAM-containing websites are active right now in the rest of the world.” world and have not yet been reported,” Surfshark spokesperson Lina Survila told me, commenting on the findings.
As we mentioned, Surfshark researchers examined the extent of the problem of online child exploitation in the EU and around the world.
In Europe, Poland appears to have the biggest CSAM problem, as the country may account for 16% of EU cases (269 unreported harmful local websites). France does the same with 260 potentially dangerous websites, Germany with 158, Hungary with 152, and Italy with 110.
Worldwide, Asia leads concerns about children's online safety, accounting for two-thirds of the 83 million CSAM reports filed between 2020 and 2022. According to researchers, India represents almost 16% of these reports (more than 13 million), followed by he Philippines with 7.1 million reports, Pakistan with 5.4 million, Indonesia and Bangladesh with 4.7 million each.
To compile this worrying data set, researchers used open source information from the 2020-2022 period from the National Center for Missing and Exploited Children (NCMEC), the US body whose big tech companies are legally required to contact in these cases. These resources were then compared with data reported by the Lithuanian Communications Regulatory Authority (RRT). You can see more details of Surfhsark's methodology here.
Technological innovation for privacy-preserving solutions
Perhaps the most important part of the Surfshark study lies behind the RRT findings. In 2022, the national regulatory body conducted an experiment in partnership with proxy service provider Oxilabs to show how new technology can help combat CSAM issues while preserving privacy.
The company developed a new AI-powered tool capable of crawling the web to effectively identify illegal content. Analyzes image metadata and determines if there are matches in the police database. These images are then passed through a machine learning model capable of detecting pornographic material.
The pro bono project lasted two months and analyzed around 300,000 Lithuanian websites. The tool managed to identify 19 local websites that violate national or EU laws. This led to eight police reports and two pre-trial investigations.
According to Survila, the Oxilabs experiment should serve as an example of how technological innovation can support authorities' efforts to stop online child sexual abuse. She told me: “While there is no one-size-fits-all solution, proactive measures taken by some governments can serve as a guiding model for others to address these complex challenges.”
Did you know?
In October last year, the EU Parliament reached a landmark agreement, calling for the removal of the chat monitoring clause from the EU's scanning for child sexual abuse material (CSAM) proposal. Reiterating privacy as a fundamental right, the decision comes to safeguard online security and encryption. However, now is the time for each EU Member State to agree its own position. Ministers hope to reach an agreement in March.
The so-called chat monitoring proposal, currently being debated in the EU Parliament, appears to take a very different direction and, according to experts, could be detrimental to the safety of citizens.
They emphasized that side-scan chats are not only an attack on encryption that infringes on people's privacy, but can also open a backdoor that criminals can exploit.
If it is true that this invasive approach has been thought to address broader dangers online, “an individual's right to privacy should not be negotiable, and such laws should not even be considered before employing any other possible tool to combat the abusive material online,” Survila said.
She believes that, in fact, the first step for governments should be to try less invasive tools like web scraping to identify and combat publicly available dangerous material.
Denas Grybauskas, Head of Legal Affairs at Oxylabs, believes that the European Commission (EC) understands that such an intrusion into citizens' privacy should be allowed only as a last resort. Even so, he still believes it is crucial to discuss technological alternatives in more detail.
“I hope that examples like [Oxylabs’ pro bono project] and the EC will openly discuss a wider range of technological options to develop a regulation that could cause potential harm to the privacy of all EU citizens,” he told me.
In the meantime, he said, the Oxilabs team continues to work with RRT to improve its current AI-powered web scraping tool. The company is also carrying out more initiatives with organizations, students and researchers to develop more software solutions for today's online threats.
On this point, Grybauskas said: “We are always open to new partnerships with researchers, academics and public organizations that want to solve critical research questions and missions using public web data.”
We test and review VPN services in the context of legal recreational uses. For example: 1. Access a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or tolerate illegal or malicious use of VPN services. Future Publishing does not endorse or approve the consumption of paid pirated content.
