Illegal activities prevention system (child pornography, animal cruelty, …)
It is a very sensitive topic that requires a solution from our end. I have few servers that I rent to few people. I have all legal permissions and rights to scan over the servers.
I want to prevent people from storing child pornography, animal cruelty or other videos of similar nature. The first priority is to be able to prevent child pornography since it is the most sensitive issue.
I tried searching online for solutions but couldn't find many people even discussing about this issue, I believe mainly because it is considered Taboo topic of discussion.
One of my thoughts was to search the servers for signatures of known files. Is there such a database anywhere?
I know big companies like GoDaddy have such prevention system but as a small company owner what can I do?
There are various Government and Industry programs that will provide Hashes of "Known Bad" material (eg CP) to hosting providers. You can then hash the files on your servers and compare. Below are a few that I know of:
- HashKeeper
Discontinued, ran by the US DoJ
http://www.nsrl.nist.gov/RDS/rds_2.44/Hashkeeper-RDS244-split.zip - DCMEC HVSI
Run by the Missing Kids non-profit
http://www.missingkids.com/Exploitation/Industry - NIST NSRL
Hashes for software files, mostly for avoiding software piracy
http://www.nsrl.nist.gov/Downloads.htm
Other Notes:
- It's going to be called "CP" everywhere to avoid using the actual term. It's that taboo.
- The law in the US are very reasonable when it comes to holding service providers accountable for what their clients put on their servers. Make minimal efforts to prevent abuse, communicate abuse policy to users, and have procedures to deal with policy violations.
- CP is about as "sensitive" as it gets. Be sure your response includes contacting authorities immediately upon any known CP violations - do not tamper with the data or server, contact authorities first. Authorities will advise you as to what steps you should follow from there.
In addition to Chris's answer about CP, I'd point out that the way the big guys handle this is:
- Using databases containing hashed values of known bad material
- This isn't even a particularly effective solution, because the slightest change changes the hash
- They will generally, or often maintain their own database, in addition to any publicly-accessible ones
- Reporting from users
- In the form of email contacts (
[email protected]
) - Reporting links for sites with user-generated contact (
click here to report this
)
- In the form of email contacts (
- Paying actual human beings to review content, or authorize content before it's uploaded
- The MPAA and RIAA, for example, employ dozens of people to scour the web for their copyrighted materials
So, for you, that basically means there's not going to be a great way for you to filter out objectionable material that isn't illegal, because objectionable material needs to be identified by a person. Most of what is identified doesn't ever find its way into publicly-accessible database, and even that which does is pretty easily altered to get around hash checks. So the bottom line is you can't really prevent this type of behavior, and all you can do is react once it happens.
And do be aware, if you start scanning content for one type of objectionable material, you'll be expected to scan for other types. The law varies from place to place, of course, but if you're scanning for CP, animal cruelty videos, and etc., but don't scan for pirated media, if someone uses your server to host copyrighted materials, you'll have a hard time avoiding liability for that. So... well, nothing's ever simple, is it?
Unfortunately, though as Chris S mentioned hashlists do exist, they are useless. The following command will change the hash of a file but leave it completely playable:
$ echo '0' >> pornfile.mp4
The truth is that many companies who deal primarily in user-uploaded video have humans review each and every file. See this related question for the consequences! Therefore if your primary business is user-uploaded video, I highly recommend that your company install such a human-review system.